Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
7rtK9LWbTc.exe

Overview

General Information

Sample name:7rtK9LWbTc.exe
renamed because original name is a hash value
Original sample name:1530387224130061e6087f1c57655891a251895e.exe
Analysis ID:1546801
MD5:d0930dc6939b931c258795a16b59c2cf
SHA1:1530387224130061e6087f1c57655891a251895e
SHA256:5cc4012aaf7b2da15f12a47279c9b5c634e8d2daf6e93dff0492cdbc73ba9e7d
Tags:exeReversingLabsuser-NDA0E
Infos:

Detection

Score:92
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
AI detected suspicious sample
Found evasive API chain (may stop execution after checking mutex)
Machine Learning detection for dropped file
Machine Learning detection for sample
Self deletion via cmd or bat file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query network adapater information
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Found decision node followed by non-executed suspicious APIs
Found evasive API chain (may stop execution after checking a module file name)
Internet Provider seen in connection with other malware
PE file contains an invalid checksum
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • 7rtK9LWbTc.exe (PID: 8056 cmdline: "C:\Users\user\Desktop\7rtK9LWbTc.exe" MD5: D0930DC6939B931C258795A16B59C2CF)
    • guifx.exe (PID: 8080 cmdline: "C:\ProgramData\Graphics\guifx.exe" /run MD5: A7D9795D178F27CA2CEBB45293CFE3B1)
    • cmd.exe (PID: 5804 cmdline: "C:\windows\system32\cmd.exe" /c del /q "C:\Users\user\Desktop\7rtK9LWbTc.exe" >> NUL MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 1796 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 7366FBEFE66BA0F1F5304F7D6FEF09FE)
  • guifx.exe (PID: 7340 cmdline: "C:\ProgramData\Graphics\guifx.exe" /run MD5: A7D9795D178F27CA2CEBB45293CFE3B1)
  • guifx.exe (PID: 7804 cmdline: "C:\ProgramData\Graphics\guifx.exe" /run MD5: A7D9795D178F27CA2CEBB45293CFE3B1)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: CurrentVersion Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\ProgramData\Graphics\guifx.exe" /run, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\7rtK9LWbTc.exe, ProcessId: 8056, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Graphics

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2024-11-01T15:56:43.995773+010020229301A Network Trojan was detected4.175.87.197443192.168.2.352231TCP
2024-11-01T15:57:24.132928+010020229301A Network Trojan was detected4.175.87.197443192.168.2.356234TCP
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2024-11-01T15:56:25.946305+010028249761Malware Command and Control Activity Detected192.168.2.349713165.194.123.67443TCP
2024-11-01T15:56:25.984737+010028249761Malware Command and Control Activity Detected192.168.2.349717165.194.123.67443TCP
2024-11-01T15:56:25.986796+010028249761Malware Command and Control Activity Detected192.168.2.349718165.194.123.67443TCP
2024-11-01T15:56:25.994165+010028249761Malware Command and Control Activity Detected192.168.2.349721165.194.123.67443TCP
2024-11-01T15:56:26.015007+010028249761Malware Command and Control Activity Detected192.168.2.349732165.194.123.67443TCP
2024-11-01T15:56:26.018663+010028249761Malware Command and Control Activity Detected192.168.2.349734165.194.123.67443TCP
2024-11-01T15:56:26.023901+010028249761Malware Command and Control Activity Detected192.168.2.349737165.194.123.67443TCP
2024-11-01T15:56:26.033127+010028249761Malware Command and Control Activity Detected192.168.2.349742165.194.123.67443TCP
2024-11-01T15:56:26.039997+010028249761Malware Command and Control Activity Detected192.168.2.349746165.194.123.67443TCP
2024-11-01T15:56:26.044060+010028249761Malware Command and Control Activity Detected192.168.2.349748165.194.123.67443TCP
2024-11-01T15:57:21.114817+010028249761Malware Command and Control Activity Detected192.168.2.356131165.194.123.67443TCP
2024-11-01T15:57:22.421563+010028249761Malware Command and Control Activity Detected192.168.2.356300165.194.123.67443TCP
2024-11-01T15:57:22.504054+010028249761Malware Command and Control Activity Detected192.168.2.356344165.194.123.67443TCP
2024-11-01T15:57:23.649361+010028249761Malware Command and Control Activity Detected192.168.2.356421165.194.123.67443TCP
2024-11-01T15:57:24.992918+010028249761Malware Command and Control Activity Detected192.168.2.356597165.194.123.67443TCP
2024-11-01T15:57:26.003800+010028249761Malware Command and Control Activity Detected192.168.2.356607165.194.123.67443TCP
2024-11-01T15:57:26.015716+010028249761Malware Command and Control Activity Detected192.168.2.356614165.194.123.67443TCP
2024-11-01T15:57:26.043493+010028249761Malware Command and Control Activity Detected192.168.2.356628165.194.123.67443TCP
2024-11-01T15:57:26.051501+010028249761Malware Command and Control Activity Detected192.168.2.356631165.194.123.67443TCP
2024-11-01T15:57:26.062831+010028249761Malware Command and Control Activity Detected192.168.2.356637165.194.123.67443TCP
2024-11-01T15:58:13.367634+010028249761Malware Command and Control Activity Detected192.168.2.361379165.194.123.67443TCP
2024-11-01T15:58:13.477389+010028249761Malware Command and Control Activity Detected192.168.2.361429165.194.123.67443TCP
2024-11-01T15:58:14.610729+010028249761Malware Command and Control Activity Detected192.168.2.361480165.194.123.67443TCP
2024-11-01T15:58:14.681179+010028249761Malware Command and Control Activity Detected192.168.2.361519165.194.123.67443TCP
2024-11-01T15:58:16.092610+010028249761Malware Command and Control Activity Detected192.168.2.361619165.194.123.67443TCP
2024-11-01T15:58:22.336559+010028249761Malware Command and Control Activity Detected192.168.2.362291165.194.123.67443TCP
2024-11-01T15:58:26.572505+010028249761Malware Command and Control Activity Detected192.168.2.362621165.194.123.67443TCP
2024-11-01T15:58:26.575036+010028249761Malware Command and Control Activity Detected192.168.2.362622165.194.123.67443TCP
2024-11-01T15:58:26.603630+010028249761Malware Command and Control Activity Detected192.168.2.362636165.194.123.67443TCP
2024-11-01T15:58:26.634937+010028249761Malware Command and Control Activity Detected192.168.2.362650165.194.123.67443TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: 7rtK9LWbTc.exeAvira: detected
Antivirus detection for dropped file
Source: C:\ProgramData\Graphics\guifx.exeAvira: detection malicious, Label: TR/Agent.fjnu
Multi AV Scanner detection for submitted file
Source: 7rtK9LWbTc.exeReversingLabs: Detection: 97%
AI detected suspicious sample
Source: Submited SampleIntegrated Neural Analysis Model: Matched 98.9% probability
Machine Learning detection for dropped file
Source: C:\ProgramData\Graphics\guifx.exeJoe Sandbox ML: detected
Machine Learning detection for sample
Source: 7rtK9LWbTc.exeJoe Sandbox ML: detected
Source: 7rtK9LWbTc.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 7rtK9LWbTc.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: E:\Data\My Projects\Troy Source Code\tcp1st\rifle\Release\rifle.pdb source: 7rtK9LWbTc.exe, guifx.exe.0.dr
Source: Binary string: E:\Data\My Projects\Troy Source Code\tcp1st\rifle\Release\rifle.pdbA source: 7rtK9LWbTc.exe, guifx.exe.0.dr

Networking

barindex
Suricata IDS alerts for network traffic
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:49746 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:49713 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:49734 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:49737 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:49717 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:49721 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:49748 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:49742 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:49718 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:49732 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:56628 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:56631 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:56607 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:56637 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:56344 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:56131 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:56614 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:56421 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:56300 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:56597 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:62621 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:61379 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:61429 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:62636 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:62650 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:61480 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:61519 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:62291 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:62622 -> 165.194.123.67:443
Source: Network trafficSuricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:61619 -> 165.194.123.67:443
Source: Joe Sandbox ViewASN Name: CAUNET-AS-KRChung-AngUniversityKR CAUNET-AS-KRChung-AngUniversityKR
Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.3:52231
Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.3:56234
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: unknownTCP traffic detected without corresponding DNS query: 165.194.123.67
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeCode function: 0_2_00BC27E0 WSAStartup,Sleep,Sleep,recv,closesocket,Sleep,0_2_00BC27E0
Source: 7rtK9LWbTc.exe, guifx.exe.0.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: 7rtK9LWbTc.exe, guifx.exe.0.drString found in binary or memory: http://ocsp.thawte.com0
Source: 7rtK9LWbTc.exe, guifx.exe.0.drString found in binary or memory: http://sf.symcb.com/sf.crl0f
Source: 7rtK9LWbTc.exe, guifx.exe.0.drString found in binary or memory: http://sf.symcb.com/sf.crt0
Source: 7rtK9LWbTc.exe, guifx.exe.0.drString found in binary or memory: http://sf.symcd.com0&
Source: 7rtK9LWbTc.exe, guifx.exe.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: 7rtK9LWbTc.exe, guifx.exe.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: 7rtK9LWbTc.exe, guifx.exe.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: 7rtK9LWbTc.exe, guifx.exe.0.drString found in binary or memory: http://www.initech.com0
Source: 7rtK9LWbTc.exe, guifx.exe.0.drString found in binary or memory: https://d.symcb.com/cps0%
Source: 7rtK9LWbTc.exe, guifx.exe.0.drString found in binary or memory: https://d.symcb.com/rpa0
Source: unknownNetwork traffic detected: HTTP traffic on port 57084 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59265 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 62435 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61580 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52633 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61109 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50452 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50440 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59253 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51777 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 60266 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 54802 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52645 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50464 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 60242 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 57096 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51319 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50439 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63303 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61122 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61592 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 60278 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 62411 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52608 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 54814 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51789 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53958 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 62447 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51320 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59290 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 62460 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61134 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 60229 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53934 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63315 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 60230 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59289 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 62459 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 57047 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53946 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51765 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63327 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61543 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59277 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 60291 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 60217 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59216 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51307 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 57035 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 62002 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 60687 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52621 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56180 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 54863 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61146 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53848
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53847
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53846
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53845
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53849
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53840
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53844
Source: unknownNetwork traffic detected: HTTP traffic on port 50873 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53537 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53843
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53842
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53841
Source: unknownNetwork traffic detected: HTTP traffic on port 62496 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 57023 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53859
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53858
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53857
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53856
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53851
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53850
Source: unknownNetwork traffic detected: HTTP traffic on port 60675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61158 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53855
Source: unknownNetwork traffic detected: HTTP traffic on port 62868 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53854
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53853
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53852
Source: unknownNetwork traffic detected: HTTP traffic on port 53910 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52200 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50885 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51207
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51208
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53869
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51205
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53868
Source: unknownNetwork traffic detected: HTTP traffic on port 57011 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51206
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53867
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51209
Source: unknownNetwork traffic detected: HTTP traffic on port 58348 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53862
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51200
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53861
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53860
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51203
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53866
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51204
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53865
Source: unknownNetwork traffic detected: HTTP traffic on port 54851 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56192 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53864
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51201
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53863
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51202
Source: unknownNetwork traffic detected: HTTP traffic on port 59228 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 62472 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50861 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 55731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53525 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 62484 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51218
Source: unknownNetwork traffic detected: HTTP traffic on port 53922 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51219
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51216
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53879
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51217
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53878
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51210
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53873
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51211
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53872
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53871
Source: unknownNetwork traffic detected: HTTP traffic on port 58336 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53870
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51214
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53877
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51215
Source: unknownNetwork traffic detected: HTTP traffic on port 50897 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53876
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51212
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53875
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53874
Source: unknownNetwork traffic detected: HTTP traffic on port 52212 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51213
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53880
Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 60663 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61555 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53804
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53803
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53802
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53801
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53808
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53807
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53806
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53805
Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 60651 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 55743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53800
Source: unknownNetwork traffic detected: HTTP traffic on port 54838 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 55299 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61183 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 58324 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53809
Source: unknownNetwork traffic detected: HTTP traffic on port 62893 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53815
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53814
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53813
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53812
Source: unknownNetwork traffic detected: HTTP traffic on port 61976 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53819
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53818
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53817
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53816
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53811
Source: unknownNetwork traffic detected: HTTP traffic on port 61567 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 62881 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53810
Source: unknownNetwork traffic detected: HTTP traffic on port 53501 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50476 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53826
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53825
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53824
Source: unknownNetwork traffic detected: HTTP traffic on port 59649 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53823
Source: unknownNetwork traffic detected: HTTP traffic on port 51790 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53829
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53828
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53827
Source: unknownNetwork traffic detected: HTTP traffic on port 55287 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53822
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53821
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53820
Source: unknownNetwork traffic detected: HTTP traffic on port 58312 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61171 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61579 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 54826 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53837
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53836
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53835
Source: unknownNetwork traffic detected: HTTP traffic on port 54430 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53834
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53839
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53838
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53833
Source: unknownNetwork traffic detected: HTTP traffic on port 53513 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53832
Source: unknownNetwork traffic detected: HTTP traffic on port 50488 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53831
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53830
Source: unknownNetwork traffic detected: HTTP traffic on port 59241 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53909 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61964 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 55755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 60254 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63131
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63130
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51144
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51145
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51142
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51143
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51148
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51149
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51146
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51147
Source: unknownNetwork traffic detected: HTTP traffic on port 56623 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63129
Source: unknownNetwork traffic detected: HTTP traffic on port 59637 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51151
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51152
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51150
Source: unknownNetwork traffic detected: HTTP traffic on port 53598 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63122
Source: unknownNetwork traffic detected: HTTP traffic on port 60626 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63121
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63124
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63123
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63126
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63125
Source: unknownNetwork traffic detected: HTTP traffic on port 53116 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63128
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63127
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63140
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63142
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63141
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51155
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51156
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51153
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51154
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51159
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51157
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51158
Source: unknownNetwork traffic detected: HTTP traffic on port 54442 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51162
Source: unknownNetwork traffic detected: HTTP traffic on port 57456 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51163
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51160
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51161
Source: unknownNetwork traffic detected: HTTP traffic on port 50812 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63133
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63132
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63135
Source: unknownNetwork traffic detected: HTTP traffic on port 50080 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63134
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63137
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63136
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63139
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63138
Source: unknownNetwork traffic detected: HTTP traffic on port 56635 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63151
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63150
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63153
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63152
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51166
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51167
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51164
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51165
Source: unknownNetwork traffic detected: HTTP traffic on port 60638 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51168
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51169
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51170
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51173
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51174
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51171
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51172
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63144
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63143
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63146
Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63145
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63148
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63147
Source: unknownNetwork traffic detected: HTTP traffic on port 59625 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63149
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63160
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63162
Source: unknownNetwork traffic detected: HTTP traffic on port 50824 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63161
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63164
Source: unknownNetwork traffic detected: HTTP traffic on port 57444 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63163
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51177
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51178
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51175
Source: unknownNetwork traffic detected: HTTP traffic on port 53104 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51176
Source: unknownNetwork traffic detected: HTTP traffic on port 61195 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51179
Source: unknownNetwork traffic detected: HTTP traffic on port 50079 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51180
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51181
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51184
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51185
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51182
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51183
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63155
Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63154
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63157
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63156
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63159
Source: unknownNetwork traffic detected: HTTP traffic on port 53562 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63158
Source: unknownNetwork traffic detected: HTTP traffic on port 54454 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51108
Source: unknownNetwork traffic detected: HTTP traffic on port 56576 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51109
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51106
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53769
Source: unknownNetwork traffic detected: HTTP traffic on port 59601 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51107
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53768
Source: unknownNetwork traffic detected: HTTP traffic on port 54395 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53763
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51100
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51101
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53762
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53761
Source: unknownNetwork traffic detected: HTTP traffic on port 50055 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53760
Source: unknownNetwork traffic detected: HTTP traffic on port 57420 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51104
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53767
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51105
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53766
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51102
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53765
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51103
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53764
Source: unknownNetwork traffic detected: HTTP traffic on port 61988 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53770
Source: unknownNetwork traffic detected: HTTP traffic on port 63376 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50848 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 57503 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51119
Source: unknownNetwork traffic detected: HTTP traffic on port 56659 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51117
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53779
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51118
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51111
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53774
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51112
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53773
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53772
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51110
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53771
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51115
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53778
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51116
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53777
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51113
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53776
Source: unknownNetwork traffic detected: HTTP traffic on port 54466 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59613 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51114
Source: unknownNetwork traffic detected: HTTP traffic on port 53550 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53775
Source: unknownNetwork traffic detected: HTTP traffic on port 56564 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56588 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53781
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53780
Source: unknownNetwork traffic detected: HTTP traffic on port 50067 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 60602 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51128
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51129
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53785
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51122
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51123
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53784
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51120
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53783
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51121
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53782
Source: unknownNetwork traffic detected: HTTP traffic on port 57493 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51126
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53789
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51127
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53788
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51124
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53787
Source: unknownNetwork traffic detected: HTTP traffic on port 63388 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51125
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53786
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63108
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63107
Source: unknownNetwork traffic detected: HTTP traffic on port 50836 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 54008 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63109
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53792
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51130
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53791
Source: unknownNetwork traffic detected: HTTP traffic on port 57432 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53790
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63100
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63102
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63101
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63104
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63103
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63106
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63105
Source: unknownNetwork traffic detected: HTTP traffic on port 54478 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51139
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63120
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51133
Source: unknownNetwork traffic detected: HTTP traffic on port 52694 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53796
Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51134
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53795
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51131
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53794
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51132
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53793
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51137
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53799
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51138
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53798
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51135
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51136
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53797
Source: unknownNetwork traffic detected: HTTP traffic on port 60614 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56647 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63119
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63118
Source: unknownNetwork traffic detected: HTTP traffic on port 53549 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51140
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51141
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63111
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63110
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63113
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63112
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63115
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63114
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63117
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63116
Source: unknownNetwork traffic detected: HTTP traffic on port 52682 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56540 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 55718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61531 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 54491 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63340 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 58361 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 57527 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 58373 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 57515 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 55706 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61518 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56527 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 56552 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 57481 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53491 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52670 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63339 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63171
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63170
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63173
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63172
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63175
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63174
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51188
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51189
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51186
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51187
Source: unknownNetwork traffic detected: HTTP traffic on port 63293 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51191
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51192
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51190
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51195
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51196
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51193
Source: unknownNetwork traffic detected: HTTP traffic on port 58385 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51194
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeCode function: 0_2_00BC12A00_2_00BC12A0
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeCode function: 0_2_00BC10C00_2_00BC10C0
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeCode function: 0_2_00BC10200_2_00BC1020
Source: C:\ProgramData\Graphics\guifx.exeCode function: 1_2_00F712A01_2_00F712A0
Source: C:\ProgramData\Graphics\guifx.exeCode function: 1_2_00F710C01_2_00F710C0
Source: C:\ProgramData\Graphics\guifx.exeCode function: 1_2_00F710201_2_00F71020
Source: 7rtK9LWbTc.exe, 00000000.00000000.1405883459.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameInitech Client> vs 7rtK9LWbTc.exe
Source: 7rtK9LWbTc.exe, 00000000.00000002.1714258287.0000000002480000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameInitech Client> vs 7rtK9LWbTc.exe
Source: 7rtK9LWbTc.exe, 00000000.00000002.1713818622.0000000000A24000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmY vs 7rtK9LWbTc.exe
Source: 7rtK9LWbTc.exeBinary or memory string: OriginalFilenameInitech Client> vs 7rtK9LWbTc.exe
Source: 7rtK9LWbTc.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engineClassification label: mal92.evad.winEXE@8/2@0/1
Source: C:\ProgramData\Graphics\guifx.exeMutant created: \Sessions\1\BaseNamedObjects\MUTEX394039_4830023
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1796:120:WilError_03
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeCommand line argument: /run0_2_00BC2C50
Source: C:\ProgramData\Graphics\guifx.exeCommand line argument: /run1_2_00F72C50
Source: 7rtK9LWbTc.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: 7rtK9LWbTc.exeReversingLabs: Detection: 97%
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeFile read: C:\Users\user\Desktop\7rtK9LWbTc.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\7rtK9LWbTc.exe "C:\Users\user\Desktop\7rtK9LWbTc.exe"
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeProcess created: C:\ProgramData\Graphics\guifx.exe "C:\ProgramData\Graphics\guifx.exe" /run
Source: unknownProcess created: C:\ProgramData\Graphics\guifx.exe "C:\ProgramData\Graphics\guifx.exe" /run
Source: unknownProcess created: C:\ProgramData\Graphics\guifx.exe "C:\ProgramData\Graphics\guifx.exe" /run
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\windows\system32\cmd.exe" /c del /q "C:\Users\user\Desktop\7rtK9LWbTc.exe" >> NUL
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeProcess created: C:\ProgramData\Graphics\guifx.exe "C:\ProgramData\Graphics\guifx.exe" /runJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\windows\system32\cmd.exe" /c del /q "C:\Users\user\Desktop\7rtK9LWbTc.exe" >> NULJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeSection loaded: virtdisk.dllJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeSection loaded: fltlib.dllJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: apphelp.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: wininet.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: urlmon.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: iertutil.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: srvcli.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: netutils.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: napinsp.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: wshbth.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: mswsock.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: winrnr.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: sspicli.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: wininet.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: urlmon.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: iertutil.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: srvcli.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: netutils.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: wininet.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: urlmon.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: iertutil.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: srvcli.dllJump to behavior
Source: C:\ProgramData\Graphics\guifx.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
Source: 7rtK9LWbTc.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 7rtK9LWbTc.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 7rtK9LWbTc.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 7rtK9LWbTc.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 7rtK9LWbTc.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 7rtK9LWbTc.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: 7rtK9LWbTc.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: 7rtK9LWbTc.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: E:\Data\My Projects\Troy Source Code\tcp1st\rifle\Release\rifle.pdb source: 7rtK9LWbTc.exe, guifx.exe.0.dr
Source: Binary string: E:\Data\My Projects\Troy Source Code\tcp1st\rifle\Release\rifle.pdbA source: 7rtK9LWbTc.exe, guifx.exe.0.dr
Source: 7rtK9LWbTc.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 7rtK9LWbTc.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 7rtK9LWbTc.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 7rtK9LWbTc.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 7rtK9LWbTc.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeCode function: 0_2_00BC8E5C LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_00BC8E5C
Source: guifx.exe.0.drStatic PE information: real checksum: 0x14886 should be: 0x2294b
Source: 7rtK9LWbTc.exeStatic PE information: real checksum: 0x14886 should be: 0x1da2f
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeCode function: 0_2_00BC76E5 push ecx; ret 0_2_00BC76F8
Source: C:\ProgramData\Graphics\guifx.exeCode function: 1_2_00F776E5 push ecx; ret 1_2_00F776F8
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeFile created: C:\ProgramData\Graphics\guifx.exeJump to dropped file
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeFile created: C:\ProgramData\Graphics\guifx.exeJump to dropped file
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run GraphicsJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run GraphicsJump to behavior

Hooking and other Techniques for Hiding and Protection

barindex
Self deletion via cmd or bat file
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeProcess created: "C:\windows\system32\cmd.exe" /c del /q "C:\Users\user\Desktop\7rtK9LWbTc.exe" >> NUL
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeProcess created: "C:\windows\system32\cmd.exe" /c del /q "C:\Users\user\Desktop\7rtK9LWbTc.exe" >> NULJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

barindex
Found evasive API chain (may stop execution after checking mutex)
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_0-5643
Source: C:\ProgramData\Graphics\guifx.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_1-5653
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeCode function: _malloc,_free,GetAdaptersInfo,HeapReAlloc,GetLastError,GetLastError,0_2_00BC306D
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeCode function: GetComputerNameA,_malloc,GetAdaptersInfo,GetAdaptersInfo,GetAdaptersInfo,_sprintf,_sprintf,_free,0_2_00BC17E0
Source: C:\ProgramData\Graphics\guifx.exeCode function: GetComputerNameA,_malloc,GetAdaptersInfo,GetAdaptersInfo,GetAdaptersInfo,_sprintf,_sprintf,_free,1_2_00F717E0
Source: C:\ProgramData\Graphics\guifx.exeCode function: _malloc,_free,GetAdaptersInfo,HeapReAlloc,GetLastError,GetLastError,1_2_00F7306D
Source: C:\ProgramData\Graphics\guifx.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_1-6483
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_0-6501
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_0-5700
Source: C:\ProgramData\Graphics\guifx.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_1-5709
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: 7rtK9LWbTc.exe, 00000000.00000002.1713818622.0000000000A24000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: guifx.exe, 00000001.00000002.2667057368.00000000008D9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\ProgramData\Graphics\guifx.exeAPI call chain: ExitProcess graph end nodegraph_1-5652
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeCode function: 0_2_00BC2D39 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00BC2D39
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeCode function: 0_2_00BC8E5C LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_00BC8E5C
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeCode function: 0_2_00BC1B60 recv,WSAGetLastError,Sleep,GetProcessHeap,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,0_2_00BC1B60
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeCode function: 0_2_00BC6E85 SetUnhandledExceptionFilter,0_2_00BC6E85
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeCode function: 0_2_00BC2D39 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00BC2D39
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeCode function: 0_2_00BC4555 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00BC4555
Source: C:\ProgramData\Graphics\guifx.exeCode function: 1_2_00F76E85 SetUnhandledExceptionFilter,1_2_00F76E85
Source: C:\ProgramData\Graphics\guifx.exeCode function: 1_2_00F74555 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00F74555
Source: C:\ProgramData\Graphics\guifx.exeCode function: 1_2_00F72D39 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00F72D39
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\windows\system32\cmd.exe" /c del /q "C:\Users\user\Desktop\7rtK9LWbTc.exe" >> NULJump to behavior
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeCode function: 0_2_00BC788F GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_00BC788F
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeCode function: 0_2_00BC19A0 GetUserNameA,_sprintf,lstrlenA,WSAStartup,gethostname,gethostbyname,WSACleanup,0_2_00BC19A0
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeCode function: 0_2_00BC5E9B __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,0_2_00BC5E9B
Source: C:\Users\user\Desktop\7rtK9LWbTc.exeCode function: 0_2_00BC1720 _memset,GetVersionExA,GetVersionExA,GetVersionExA,wsprintfA,0_2_00BC1720

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Command and Scripting Interpreter		1
Registry Run Keys / Startup Folder		11
Process Injection		11
Process Injection		OS Credential Dumping2
System Time Discovery		Remote Services1
Archive Collected Data		12
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts12
Native API		1
DLL Side-Loading		1
Registry Run Keys / Startup Folder		1
Obfuscated Files or Information		LSASS Memory21
Security Software Discovery		Remote Desktop ProtocolData from Removable Media1
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
DLL Side-Loading		1
DLL Side-Loading		Security Account Manager1
Account Discovery		SMB/Windows Admin SharesData from Network Shared Drive1
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
File Deletion		NTDS1
System Owner/User Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets1
System Network Configuration Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials1
File and Directory Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync3
System Information Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
7rtK9LWbTc.exe97%ReversingLabsWin32.Backdoor.Rifdoor
7rtK9LWbTc.exe100%AviraTR/Agent.fjnu
7rtK9LWbTc.exe100%Joe Sandbox ML

Dropped Files

SourceDetectionScannerLabelLink
C:\ProgramData\Graphics\guifx.exe100%AviraTR/Agent.fjnu
C:\ProgramData\Graphics\guifx.exe100%Joe Sandbox ML

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://crl.thawte.com/ThawteTimestampingCA.crl00%URL Reputationsafe
http://ocsp.thawte.com00%URL Reputationsafe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://crl.thawte.com/ThawteTimestampingCA.crl07rtK9LWbTc.exe, guifx.exe.0.drfalse
  • URL Reputation: safe
unknown
http://ocsp.thawte.com07rtK9LWbTc.exe, guifx.exe.0.drfalse
  • URL Reputation: safe
unknown
http://www.initech.com07rtK9LWbTc.exe, guifx.exe.0.drfalse
    		unknown

    World Map of Contacted IPs

    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs

    Public IPs

    IPDomainCountryFlagASNASN NameMalicious
    165.194.123.67
    		unknownKorea Republic of
    		17575CAUNET-AS-KRChung-AngUniversityKRtrue

    General Information

    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1546801
    Start date and time:2024-11-01 15:55:19 +01:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 7m 7s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:default.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:11
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:7rtK9LWbTc.exe
    renamed because original name is a hash value
    Original Sample Name:1530387224130061e6087f1c57655891a251895e.exe
    Detection:MAL
    Classification:mal92.evad.winEXE@8/2@0/1
    EGA Information:
    • Successful, ratio: 100%
    HCA Information:
    • Successful, ratio: 100%
    • Number of executed functions: 12
    • Number of non-executed functions: 43
    Cookbook Comments:
    • Found application associated with file extension: .exe

    Warnings

    • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
    • Excluded domains from analysis (whitelisted): www.bing.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
    • Not all processes where analyzed, report is missing behavior information
    • Report size exceeded maximum capacity and may have missing network information.
    • Report size getting too big, too many NtCreateFile calls found.
    • Report size getting too big, too many NtDeviceIoControlFile calls found.
    • Report size getting too big, too many NtOpenKeyEx calls found.
    • Report size getting too big, too many NtQueryValueKey calls found.
    • VT rate limit hit for: 7rtK9LWbTc.exe

    Simulations

    Behavior and APIs

    TimeTypeDescription
    15:56:28AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Graphics "C:\ProgramData\Graphics\guifx.exe" /run
    15:56:36AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Graphics "C:\ProgramData\Graphics\guifx.exe" /run

    Joe Sandbox View / Context

    IPs

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    165.194.123.677D6J8VLSb0.exeGet hashmaliciousUnknownBrowse
      7D6J8VLSb0.exeGet hashmaliciousUnknownBrowse

        Domains

        No context

        ASNs

        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        CAUNET-AS-KRChung-AngUniversityKRla.bot.mipsel.elfGet hashmaliciousUnknownBrowse
        • 165.195.252.222
        la.bot.powerpc.elfGet hashmaliciousUnknownBrowse
        • 165.194.55.87
        botnet.sh4.elfGet hashmaliciousMirai, MoobotBrowse
        • 165.195.13.52
        botx.mips.elfGet hashmaliciousMiraiBrowse
        • 165.195.79.140
        xS8bwPQjO2.elfGet hashmaliciousMiraiBrowse
        • 165.195.32.143
        skt.sh4.elfGet hashmaliciousMiraiBrowse
        • 165.195.32.116
        7ALXuklmvu.elfGet hashmaliciousMiraiBrowse
        • 165.195.32.113
        gVPlpwuoVV.elfGet hashmaliciousMiraiBrowse
        • 165.195.79.193
        QXp14SFCPn.elfGet hashmaliciousMiraiBrowse
        • 165.195.32.158
        JiD2VwpPLD.elfGet hashmaliciousMiraiBrowse
        • 165.195.32.134

        JA3 Fingerprints

        No context

        Dropped Files

        No context

        Created / dropped Files

        C:\ProgramData\Graphics\guifx.exe

        Download File
        Process:C:\Users\user\Desktop\7rtK9LWbTc.exe
        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):80316
        Entropy (8bit):6.297467049156134
        Encrypted:false
        SSDEEP:1536:nLNIW39SaZTbFARlq7jC1OZstZu0TS3gEdUJCkb0FG5q:nLlbZTZX3BAtTS3gEdUJCkb0FGg
        MD5:A7D9795D178F27CA2CEBB45293CFE3B1
        SHA1:F062645E17ED744D6F37A88789F202069FCD2F2A
        SHA-256:07269DDD0AA2A800C1C7A501D9B6ED5A09B743B8A54B1DA2237BAFA232A0DEAA
        SHA-512:D5759D3B05873B6FA1FDD62BF339965EE217B4FE19D585AD3955E8D3FD437C6E8E1D8BF3411E7011A75B59FA1C33FA5F704D5A48C76DEB07563067825A82F479
        Malicious:true
        Antivirus:
        • Antivirus: Avira, Detection: 100%
        • Antivirus: Joe Sandbox ML, Detection: 100%
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........K.mSK.mSK.mS$..Si.mS$..SY.mS$..S-.mSB..SX.mSK.lS5.mS$..SJ.mS$..SJ.mS$..SJ.mSRichK.mS........................PE..L...P..V.....................h.......6............@..........................p.......H....@..........................................@.......................P......0...................................@............................................text............................... ..`.rdata..P4.......6..................@..@.data...`2..........................@....rsrc........@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................................................................

        \Device\Null

        Download File
        Process:C:\Windows\SysWOW64\cmd.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):39
        Entropy (8bit):4.580023372597454
        Encrypted:false
        SSDEEP:3:oNWXp5vSX/ocNyn:oNWXpFSXQcNyn
        MD5:E6FFABCE93BB1A121A9D82AFD3CD57E4
        SHA1:07BA6A65DC0B128CD744AB19AFE924A69095D310
        SHA-256:2F22B6C9ADC737C0FB9DC896111E512633A04F398DFA91539984830A584E7022
        SHA-512:6F7BA36D90588946BE74E4FEE0522DF79A01D764AC7EE3E0E0D084AAF1D2CFE618C2530BFC46CE50D5B9D4CAE99193C2E9CCB3BD4525B7F0A703A574C3644B63
        Malicious:false
        Reputation:low
        Preview:C:\Users\user\Desktop\7rtK9LWbTc.exe..

        Static File Info

        General

        File type:PE32 executable (GUI) Intel 80386, for MS Windows
        Entropy (8bit):6.29738403146313
        TrID:
        • Win32 Executable (generic) a (10002005/4) 99.96%
        • Generic Win/DOS Executable (2004/3) 0.02%
        • DOS Executable Generic (2002/1) 0.02%
        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
        File name:7rtK9LWbTc.exe
        File size:80'312 bytes
        MD5:d0930dc6939b931c258795a16b59c2cf
        SHA1:1530387224130061e6087f1c57655891a251895e
        SHA256:5cc4012aaf7b2da15f12a47279c9b5c634e8d2daf6e93dff0492cdbc73ba9e7d
        SHA512:6fbd17985aeaf6f1280f3b12a8ac84886f923e93edf876c4081de900e39153843a56e73622e974e812901afec3834eca98f71ef2b6caa0d42f8049d2f6c66cd1
        SSDEEP:1536:nLNIW39SaZTbFARlq7jC1OZstZu0TS3gEdUJCkb0FG5K:nLlbZTZX3BAtTS3gEdUJCkb0FGQ
        TLSH:46738E127290C833E5A2193544B9D7B28A7EBD3376F8D887779407EA1E703D06A3931B
        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........K.mSK.mSK.mS$..Si.mS$..SY.mS$..S-.mSB..SX.mSK.lS5.mS$..SJ.mS$..SJ.mS$..SJ.mSRichK.mS........................PE..L...P..V...

        File Icon

        Icon Hash:0779608eb2ceca2b

        Static PE Info

        General

        Entrypoint:0x40367f
        Entrypoint Section:.text
        Digitally signed:true
        Imagebase:0x400000
        Subsystem:windows gui
        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Time Stamp:0x56AC0450 [Sat Jan 30 00:31:12 2016 UTC]
        TLS Callbacks:
        CLR (.Net) Version:
        OS Version Major:5
        OS Version Minor:1
        File Version Major:5
        File Version Minor:1
        Subsystem Version Major:5
        Subsystem Version Minor:1
        Import Hash:587bf55eb237bb0ee3c9d753b5b27e23

        Authenticode Signature

        Signature Valid:
        Signature Issuer:
        Signature Validation Error:
        Error Number:
        Not Before, Not After
          Subject Chain
            Version:
            Thumbprint MD5:
            Thumbprint SHA-1:
            Thumbprint SHA-256:
            Serial:

            Entrypoint Preview

            Instruction
            call 00007F2A84902E70h
            jmp 00007F2A848FEAEEh
            mov edi, edi
            push ebp
            mov ebp, esp
            sub esp, 00000328h
            mov dword ptr [004110A8h], eax
            mov dword ptr [004110A4h], ecx
            mov dword ptr [004110A0h], edx
            mov dword ptr [0041109Ch], ebx
            mov dword ptr [00411098h], esi
            mov dword ptr [00411094h], edi
            mov word ptr [004110C0h], ss
            mov word ptr [004110B4h], cs
            mov word ptr [00411090h], ds
            mov word ptr [0041108Ch], es
            mov word ptr [00411088h], fs
            mov word ptr [00411084h], gs
            pushfd
            pop dword ptr [004110B8h]
            mov eax, dword ptr [ebp+00h]
            mov dword ptr [004110ACh], eax
            mov eax, dword ptr [ebp+04h]
            mov dword ptr [004110B0h], eax
            lea eax, dword ptr [ebp+08h]
            mov dword ptr [004110BCh], eax
            mov eax, dword ptr [ebp-00000320h]
            mov dword ptr [00410FF8h], 00010001h
            mov eax, dword ptr [004110B0h]
            mov dword ptr [00410FACh], eax
            mov dword ptr [00410FA0h], C0000409h
            mov dword ptr [00410FA4h], 00000001h
            mov eax, dword ptr [0041003Ch]
            mov dword ptr [ebp-00000328h], eax
            mov eax, dword ptr [00410040h]
            mov dword ptr [ebp-00000324h], eax
            call dword ptr [00000000h]

            Rich Headers

            Programming Language:
            • [C++] VS2010 build 30319
            • [ASM] VS2010 build 30319
            • [ C ] VS2010 build 30319
            • [IMP] VS2008 SP1 build 30729
            • [RES] VS2010 build 30319
            • [LNK] VS2010 build 30319

            Data Directories

            NameVirtual AddressVirtual Size Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IMPORT0xea0c0xc8.rdata
            IMAGE_DIRECTORY_ENTRY_RESOURCE0x140000xbf4.rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
            IMAGE_DIRECTORY_ENTRY_SECURITY0x11a000x1900
            IMAGE_DIRECTORY_ENTRY_BASERELOC0x150000xaf0.reloc
            IMAGE_DIRECTORY_ENTRY_DEBUG0xc2300x1c.rdata
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0xe4f80x40.rdata
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IAT0xc0000x1f0.rdata
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

            Sections

            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
            .text0x10000xac080xae00234eb5dbcff2f9e86366963f4b4e54b4False0.6091954022988506data6.532570610424447IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            .rdata0xc0000x34500x36002ec05c3954f5ff17a59c2bcd65341562False0.35886863425925924data5.048972656075167IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .data0x100000x32600x1000c1c740263560700f4483e80e3b6f81f7False0.211181640625data2.365191135288967IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
            .rsrc0x140000xbf40xc00f0991e45f8fec6f15ded02b513e73c4eFalse0.3388671875data3.9099047812976093IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .reloc0x150000x15060x16009b3cced7d78100d22773bc775f9d126eFalse0.4266690340909091data4.173697033961006IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

            Resources

            NameRVASizeTypeLanguageCountryZLIB Complexity
            RT_ICON0x141300x568Device independent bitmap graphic, 16 x 32 x 8, image size 256EnglishUnited States0.2434971098265896
            RT_GROUP_ICON0x146980x14dataEnglishUnited States1.1
            RT_VERSION0x146ac0x2e8dataEnglishUnited States0.43951612903225806
            RT_MANIFEST0x149940x25fASCII text, with very long lines (607), with no line terminatorsEnglishUnited States0.43492586490939045

            Imports

            DLLImport
            SHLWAPI.dllStrToIntA, StrChrA, StrStrA
            WS2_32.dllconnect, WSAStartup, gethostname, WSAIoctl, htons, setsockopt, WSACleanup, recv, socket, closesocket, gethostbyname, send, WSAGetLastError
            WININET.dllDeleteUrlCacheEntry
            ADVAPI32.dllRegCloseKey, GetUserNameA, RegOpenKeyExA, RegCreateKeyA, RegQueryValueExA, RegSetValueExA
            urlmon.dllURLOpenBlockingStreamA
            SHELL32.dllShellExecuteA
            USER32.dllwsprintfA
            IPHLPAPI.DLLGetAdaptersInfo
            KERNEL32.dllIsProcessorFeaturePresent, GetStringTypeW, LoadLibraryW, HeapSize, RtlUnwind, SetStdHandle, WriteConsoleW, CreateFileW, FlushFileBuffers, CompareStringW, SetEnvironmentVariableA, LeaveCriticalSection, EnterCriticalSection, GetConsoleMode, GetConsoleCP, SetFilePointer, HeapReAlloc, ExitProcess, GetComputerNameA, CreateFileA, GetFileSize, lstrcmpA, lstrlenA, HeapAlloc, HeapFree, WaitForSingleObject, GetTickCount, GetProcessHeap, WriteFile, GetCommandLineA, GlobalAlloc, Sleep, GetExitCodeProcess, CreateProcessA, TerminateProcess, ReadFile, lstrcatA, CreateDirectoryA, SetCurrentDirectoryA, GetLastError, OpenMutexA, CreatePipe, GetModuleFileNameA, CreateMutexA, GetVersionExA, WinExec, CloseHandle, GetTempPathA, lstrcpyA, GetSystemTimeAsFileTime, HeapSetInformation, GetStartupInfoW, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, DecodePointer, EncodePointer, HeapCreate, GetProcAddress, GetModuleHandleW, GetStdHandle, GetModuleFileNameW, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, WideCharToMultiByte, LCMapStringW, MultiByteToWideChar, GetTimeZoneInformation, RaiseException, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, InitializeCriticalSectionAndSpinCount, GetFileType, DeleteCriticalSection, QueryPerformanceCounter, GetCurrentProcessId

            Possible Origin

            Language of compilation systemCountry where language is spokenMap
            EnglishUnited States

            Network Behavior

            Suricata IDS Alerts

            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
            2024-11-01T15:56:25.946305+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.349713165.194.123.67443TCP
            2024-11-01T15:56:25.984737+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.349717165.194.123.67443TCP
            2024-11-01T15:56:25.986796+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.349718165.194.123.67443TCP
            2024-11-01T15:56:25.994165+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.349721165.194.123.67443TCP
            2024-11-01T15:56:26.015007+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.349732165.194.123.67443TCP
            2024-11-01T15:56:26.018663+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.349734165.194.123.67443TCP
            2024-11-01T15:56:26.023901+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.349737165.194.123.67443TCP
            2024-11-01T15:56:26.033127+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.349742165.194.123.67443TCP
            2024-11-01T15:56:26.039997+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.349746165.194.123.67443TCP
            2024-11-01T15:56:26.044060+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.349748165.194.123.67443TCP
            2024-11-01T15:56:43.995773+01002022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow14.175.87.197443192.168.2.352231TCP
            2024-11-01T15:57:21.114817+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.356131165.194.123.67443TCP
            2024-11-01T15:57:22.421563+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.356300165.194.123.67443TCP
            2024-11-01T15:57:22.504054+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.356344165.194.123.67443TCP
            2024-11-01T15:57:23.649361+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.356421165.194.123.67443TCP
            2024-11-01T15:57:24.132928+01002022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow14.175.87.197443192.168.2.356234TCP
            2024-11-01T15:57:24.992918+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.356597165.194.123.67443TCP
            2024-11-01T15:57:26.003800+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.356607165.194.123.67443TCP
            2024-11-01T15:57:26.015716+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.356614165.194.123.67443TCP
            2024-11-01T15:57:26.043493+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.356628165.194.123.67443TCP
            2024-11-01T15:57:26.051501+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.356631165.194.123.67443TCP
            2024-11-01T15:57:26.062831+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.356637165.194.123.67443TCP
            2024-11-01T15:58:13.367634+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.361379165.194.123.67443TCP
            2024-11-01T15:58:13.477389+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.361429165.194.123.67443TCP
            2024-11-01T15:58:14.610729+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.361480165.194.123.67443TCP
            2024-11-01T15:58:14.681179+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.361519165.194.123.67443TCP
            2024-11-01T15:58:16.092610+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.361619165.194.123.67443TCP
            2024-11-01T15:58:22.336559+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.362291165.194.123.67443TCP
            2024-11-01T15:58:26.572505+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.362621165.194.123.67443TCP
            2024-11-01T15:58:26.575036+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.362622165.194.123.67443TCP
            2024-11-01T15:58:26.603630+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.362636165.194.123.67443TCP
            2024-11-01T15:58:26.634937+01002824976ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin1192.168.2.362650165.194.123.67443TCP

            Network Port Distribution

            TCP Packets

            TimestampSource PortDest PortSource IPDest IP
            Nov 1, 2024 15:56:25.918521881 CET49709443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.918570042 CET44349709165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.918694019 CET49709443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.924536943 CET49709443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.924552917 CET44349709165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.924629927 CET44349709165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.925175905 CET49710443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.925229073 CET44349710165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.925556898 CET49710443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.927565098 CET49710443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.927587986 CET44349710165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.927614927 CET44349710165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.928045988 CET49711443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.928066015 CET44349711165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.928237915 CET49711443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.931265116 CET49711443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.931273937 CET44349711165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.931320906 CET44349711165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.931581974 CET49712443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.931621075 CET44349712165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.931781054 CET49712443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.938544035 CET49712443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.938558102 CET44349712165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.938591957 CET44349712165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.938848972 CET49713443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.938889980 CET44349713165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.939013004 CET49713443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.946305037 CET49713443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.946321964 CET44349713165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.946357965 CET44349713165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.946707010 CET49714443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.946738958 CET44349714165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.946826935 CET49714443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.949321985 CET49714443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.949333906 CET44349714165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.949369907 CET44349714165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.949740887 CET49715443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.949774981 CET44349715165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.949924946 CET49715443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.979332924 CET49715443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.979346991 CET44349715165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.979427099 CET44349715165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.980020046 CET49716443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.980043888 CET44349716165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.980237007 CET49716443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.982386112 CET49716443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.982398987 CET44349716165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.982429028 CET44349716165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.982733965 CET49717443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.982781887 CET44349717165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.982896090 CET49717443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.984736919 CET49717443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.984752893 CET44349717165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.984777927 CET44349717165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.985043049 CET49718443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.985055923 CET44349718165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.985130072 CET49718443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.986795902 CET49718443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.986807108 CET44349718165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.986834049 CET44349718165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.987102985 CET49719443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.987118959 CET44349719165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.987627029 CET49719443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.989989042 CET49719443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.990004063 CET44349719165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.990026951 CET44349719165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.990325928 CET49720443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.990361929 CET44349720165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.990665913 CET49720443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.992141008 CET49720443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.992157936 CET44349720165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.992178917 CET44349720165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.992436886 CET49721443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.992470026 CET44349721165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.992541075 CET49721443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.994164944 CET49721443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.994182110 CET44349721165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.994201899 CET44349721165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.994688988 CET49722443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.994699955 CET44349722165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.994777918 CET49722443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.996228933 CET49722443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.996241093 CET44349722165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.996262074 CET44349722165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.996541023 CET49723443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.996551991 CET44349723165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.996632099 CET49723443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.998011112 CET49723443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.998023033 CET44349723165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.998042107 CET44349723165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.998332024 CET49724443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.998375893 CET44349724165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.998456001 CET49724443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.999885082 CET49724443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:25.999907017 CET44349724165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:25.999928951 CET44349724165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.000164032 CET49725443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.000185966 CET44349725165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.000322104 CET49725443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.001678944 CET49725443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.001693010 CET44349725165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.001719952 CET44349725165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.001966000 CET49726443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.001986980 CET44349726165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.002080917 CET49726443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.003567934 CET49726443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.003582954 CET44349726165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.003607035 CET44349726165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.003912926 CET49727443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.003921986 CET44349727165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.003985882 CET49727443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.005850077 CET49727443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.005865097 CET44349727165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.005887032 CET44349727165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.006131887 CET49728443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.006140947 CET44349728165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.006237030 CET49728443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.007658958 CET49728443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.007669926 CET44349728165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.007694960 CET44349728165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.007952929 CET49729443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.007966995 CET44349729165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.008173943 CET49729443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.009429932 CET49729443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.009443045 CET44349729165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.009464979 CET44349729165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.009706020 CET49730443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.009720087 CET44349730165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.009793997 CET49730443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.011301994 CET49730443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.011318922 CET44349730165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.011349916 CET44349730165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.011585951 CET49731443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.011599064 CET44349731165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.012938976 CET49731443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.013164043 CET49731443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.013176918 CET44349731165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.013212919 CET44349731165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.013480902 CET49732443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.013509989 CET44349732165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.013576031 CET49732443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.015007019 CET49732443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.015022993 CET44349732165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.015052080 CET44349732165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.015289068 CET49733443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.015324116 CET44349733165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.015387058 CET49733443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.016819954 CET49733443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.016833067 CET44349733165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.016854048 CET44349733165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.017095089 CET49734443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.017107964 CET44349734165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.018662930 CET49734443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.018662930 CET49734443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.018688917 CET44349734165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.018734932 CET44349734165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.018964052 CET49735443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.018980026 CET44349735165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.019043922 CET49735443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.020412922 CET49735443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.020428896 CET44349735165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.020453930 CET44349735165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.020682096 CET49736443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.020713091 CET44349736165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.020776033 CET49736443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.022150993 CET49736443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.022166967 CET44349736165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.022193909 CET44349736165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.022408009 CET49737443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.022444010 CET44349737165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.022507906 CET49737443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.023900986 CET49737443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.023920059 CET44349737165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.023941994 CET44349737165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.024197102 CET49738443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.024214029 CET44349738165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.024271011 CET49738443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.025798082 CET49738443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.025814056 CET44349738165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.025836945 CET44349738165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.026242971 CET49739443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.026252985 CET44349739165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.026310921 CET49739443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.027755976 CET49739443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.027767897 CET44349739165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.027795076 CET44349739165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.028027058 CET49740443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.028059959 CET44349740165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.028121948 CET49740443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.029572010 CET49740443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.029583931 CET44349740165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.029608965 CET44349740165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.029839039 CET49741443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.029858112 CET44349741165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.029915094 CET49741443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.031287909 CET49741443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.031302929 CET44349741165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.031358957 CET44349741165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.031590939 CET49742443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.031605005 CET44349742165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.031667948 CET49742443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.033127069 CET49742443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.033142090 CET44349742165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.033164978 CET44349742165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.033380032 CET49743443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.033389091 CET44349743165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.033446074 CET49743443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.034842968 CET49743443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.034851074 CET44349743165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.034883022 CET44349743165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.035115957 CET49744443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.035125971 CET44349744165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.035187960 CET49744443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.036540985 CET49744443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.036552906 CET44349744165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.036580086 CET44349744165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.036798000 CET49745443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.036823034 CET44349745165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.036885977 CET49745443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.038310051 CET49745443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.038322926 CET44349745165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.038343906 CET44349745165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.038567066 CET49746443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.038579941 CET44349746165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.038640976 CET49746443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.039997101 CET49746443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.040008068 CET44349746165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.040033102 CET44349746165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.040255070 CET49747443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.040266991 CET44349747165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.040328026 CET49747443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.042004108 CET49747443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.042017937 CET44349747165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.042037964 CET44349747165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.042303085 CET49748443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.042314053 CET44349748165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.042387962 CET49748443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.044059992 CET49748443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.044071913 CET44349748165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.044095993 CET44349748165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.044359922 CET49749443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.044378996 CET44349749165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.044441938 CET49749443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.045999050 CET49749443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.046013117 CET44349749165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.046036959 CET44349749165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.046287060 CET49750443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.046302080 CET44349750165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.046370983 CET49750443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.047820091 CET49750443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.047832966 CET44349750165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.047857046 CET44349750165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.048079967 CET49751443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.048091888 CET44349751165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.048151970 CET49751443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.049537897 CET49751443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.049550056 CET44349751165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.049570084 CET44349751165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.049808979 CET49752443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.049830914 CET44349752165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.049900055 CET49752443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.051309109 CET49752443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.051327944 CET44349752165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.051351070 CET44349752165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.051578999 CET49753443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.051603079 CET44349753165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.051692963 CET49753443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.053019047 CET49753443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.053031921 CET44349753165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.053056955 CET44349753165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.053325891 CET49754443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.053340912 CET44349754165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.053433895 CET49754443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.054857969 CET49754443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.054872990 CET44349754165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.054894924 CET44349754165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.055130959 CET49755443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.055140018 CET44349755165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.055222988 CET49755443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.056611061 CET49755443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.056617975 CET44349755165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.056636095 CET44349755165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.056936979 CET49756443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.056955099 CET44349756165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.057020903 CET49756443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.058558941 CET49756443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.058573008 CET44349756165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.058594942 CET44349756165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.059036016 CET49757443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.059052944 CET44349757165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.059195995 CET49757443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.060602903 CET49757443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.060616970 CET44349757165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.060637951 CET44349757165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.060873985 CET49758443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.060883045 CET44349758165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.060944080 CET49758443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.062355995 CET49758443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.062370062 CET44349758165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.062390089 CET44349758165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.062630892 CET49759443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.062639952 CET44349759165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.062712908 CET49759443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.064078093 CET49759443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.064088106 CET44349759165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.064110994 CET44349759165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.064337969 CET49760443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.064356089 CET44349760165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.064893007 CET49760443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.065829039 CET49760443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.065848112 CET44349760165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.065870047 CET44349760165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.066093922 CET49761443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.066108942 CET44349761165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.066210985 CET49761443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.067549944 CET49761443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.067564964 CET44349761165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.067584038 CET44349761165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.067804098 CET49762443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.067812920 CET44349762165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.067903042 CET49762443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.069263935 CET49762443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.069276094 CET44349762165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.069298029 CET44349762165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.069528103 CET49763443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.069536924 CET44349763165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.069598913 CET49763443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.071014881 CET49763443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.071026087 CET44349763165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.071043968 CET44349763165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.071268082 CET49764443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.071295977 CET44349764165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.071361065 CET49764443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.072864056 CET49764443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.072876930 CET44349764165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.072902918 CET44349764165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.073174953 CET49765443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.073185921 CET44349765165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.073247910 CET49765443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.074676991 CET49765443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.074692965 CET44349765165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.074713945 CET44349765165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.074949980 CET49766443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.074959040 CET44349766165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.075016975 CET49766443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.076447964 CET49766443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.076458931 CET44349766165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.076484919 CET44349766165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.076723099 CET49767443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.076731920 CET44349767165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.076792002 CET49767443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.078161001 CET49767443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.078175068 CET44349767165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.078193903 CET44349767165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.078443050 CET49768443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.078453064 CET44349768165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.078586102 CET49768443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.084673882 CET49768443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.084686041 CET44349768165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.084717035 CET44349768165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.085133076 CET49769443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.085153103 CET44349769165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.085220098 CET49769443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.087132931 CET49769443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.087147951 CET44349769165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.087182045 CET44349769165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.087486029 CET49770443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.087496996 CET44349770165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.087589025 CET49770443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.089198112 CET49770443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.089210987 CET44349770165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.089237928 CET44349770165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.089534998 CET49771443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.089549065 CET44349771165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.089631081 CET49771443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.091125965 CET49771443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.091139078 CET44349771165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.091161013 CET44349771165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.091397047 CET49772443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.091425896 CET44349772165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.091494083 CET49772443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.092983961 CET49772443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.092998981 CET44349772165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.093020916 CET44349772165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.093257904 CET49773443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.093274117 CET44349773165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.093362093 CET49773443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.094790936 CET49773443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.094808102 CET44349773165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.094831944 CET44349773165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.095069885 CET49774443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.095083952 CET44349774165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.095149994 CET49774443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.096600056 CET49774443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.096616030 CET44349774165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.096637964 CET44349774165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.096874952 CET49775443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.096889019 CET44349775165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.097084045 CET49775443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.098479986 CET49775443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.098494053 CET44349775165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.098519087 CET44349775165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.098808050 CET49776443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.098819971 CET44349776165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.098886013 CET49776443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.100305080 CET49776443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.100317955 CET44349776165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.100344896 CET44349776165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.100586891 CET49777443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.100600004 CET44349777165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.100661039 CET49777443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.102132082 CET49777443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.102144003 CET44349777165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.102168083 CET44349777165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.102473021 CET49778443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.102482080 CET44349778165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.102554083 CET49778443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.104007006 CET49778443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.104018927 CET44349778165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.104041100 CET44349778165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.104270935 CET49779443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.104281902 CET44349779165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.104355097 CET49779443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.105778933 CET49779443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.105791092 CET44349779165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.105812073 CET44349779165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.106081009 CET49780443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.106096983 CET44349780165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.106157064 CET49780443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.107726097 CET49780443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.107738972 CET44349780165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.107763052 CET44349780165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.108020067 CET49781443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.108042955 CET44349781165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.108094931 CET49781443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.109596968 CET49781443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.109611988 CET44349781165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.109630108 CET44349781165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.109889984 CET49782443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.109901905 CET44349782165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.109982014 CET49782443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.111840963 CET49782443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.111854076 CET44349782165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.111872911 CET44349782165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.112169981 CET49783443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.112199068 CET44349783165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.112258911 CET49783443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.113862991 CET49783443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.113878012 CET44349783165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.113898993 CET44349783165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.114167929 CET49784443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.114200115 CET44349784165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.114279032 CET49784443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.115772009 CET49784443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.115787029 CET44349784165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.115806103 CET44349784165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.116028070 CET49785443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.116039991 CET44349785165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.116107941 CET49785443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.117556095 CET49785443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.117567062 CET44349785165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.117590904 CET44349785165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.117847919 CET49786443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.117857933 CET44349786165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.117917061 CET49786443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.119513035 CET49786443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.119525909 CET44349786165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.119544983 CET44349786165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.119784117 CET49787443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.119792938 CET44349787165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.119839907 CET49787443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.121316910 CET49787443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.121329069 CET44349787165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.121351004 CET44349787165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.121578932 CET49788443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.121596098 CET44349788165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.121646881 CET49788443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.123083115 CET49788443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.123095036 CET44349788165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.123116016 CET44349788165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.123336077 CET49789443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.123347998 CET44349789165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.123403072 CET49789443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.124828100 CET49789443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.124840021 CET44349789165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.124865055 CET44349789165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.125143051 CET49790443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.125154018 CET44349790165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.125211954 CET49790443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.126655102 CET49790443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.126666069 CET44349790165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.126687050 CET44349790165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.126913071 CET49791443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.126921892 CET44349791165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.126980066 CET49791443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.128622055 CET49791443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.128633022 CET44349791165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.128660917 CET44349791165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.128936052 CET49792443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.128953934 CET44349792165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.129010916 CET49792443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.130522966 CET49792443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.130537033 CET44349792165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.130558968 CET44349792165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.130842924 CET49793443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.130857944 CET44349793165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.130929947 CET49793443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.132492065 CET49793443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.132502079 CET44349793165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.132524014 CET44349793165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.132863998 CET49794443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.132875919 CET44349794165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.132929087 CET49794443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.134474993 CET49794443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.134486914 CET44349794165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.134505033 CET44349794165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.134732962 CET49795443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.134742022 CET44349795165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.134799004 CET49795443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.136328936 CET49795443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.136338949 CET44349795165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.136360884 CET44349795165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.136637926 CET49796443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.136651039 CET44349796165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.136706114 CET49796443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.138186932 CET49796443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.138199091 CET44349796165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.138220072 CET44349796165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.138425112 CET49797443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.138441086 CET44349797165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.138494968 CET49797443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.139946938 CET49797443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.139961958 CET44349797165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.139995098 CET44349797165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.140244007 CET49798443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.140275002 CET44349798165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.140327930 CET49798443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.141801119 CET49798443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.141813993 CET44349798165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.141836882 CET44349798165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.142038107 CET49799443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.142049074 CET44349799165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.142105103 CET49799443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.143917084 CET49799443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.143929005 CET44349799165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.143954039 CET44349799165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.144251108 CET49800443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.144282103 CET44349800165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.144354105 CET49800443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.145880938 CET49800443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.145899057 CET44349800165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.145917892 CET44349800165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.146146059 CET49801443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.146173954 CET44349801165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.146274090 CET49801443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.147708893 CET49801443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.147723913 CET44349801165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.147747993 CET44349801165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.148101091 CET49802443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.148113012 CET44349802165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.148199081 CET49802443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.149801016 CET49802443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.149812937 CET44349802165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.149832010 CET44349802165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.150084972 CET49803443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.150095940 CET44349803165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.150199890 CET49803443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.151669979 CET49803443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.151680946 CET44349803165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.151705980 CET44349803165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.151962042 CET49804443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.151987076 CET44349804165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.152060986 CET49804443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.153898954 CET49804443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.153912067 CET44349804165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.153932095 CET44349804165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.154150963 CET49805443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.154180050 CET44349805165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.154228926 CET49805443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.155719042 CET49805443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.155733109 CET44349805165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.155755043 CET44349805165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.155999899 CET49806443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.156009912 CET44349806165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.156079054 CET49806443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.157608032 CET49806443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.157620907 CET44349806165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.157641888 CET44349806165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.157849073 CET49807443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.157860994 CET44349807165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.157912970 CET49807443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.159404039 CET49807443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.159431934 CET44349807165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.159451962 CET44349807165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.159734964 CET49808443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.159744978 CET44349808165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.159799099 CET49808443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.161263943 CET49808443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.161278009 CET44349808165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.161300898 CET44349808165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.161578894 CET49809443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.161591053 CET44349809165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.161701918 CET49809443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.163283110 CET49809443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.163295984 CET44349809165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.163328886 CET44349809165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.163563967 CET49810443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.163574934 CET44349810165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.163629055 CET49810443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.165085077 CET49810443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.165097952 CET44349810165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.165118933 CET44349810165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.165672064 CET49811443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.165683031 CET44349811165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.165769100 CET49811443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.167700052 CET49811443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.167712927 CET44349811165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.167731047 CET44349811165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.167965889 CET49812443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.167975903 CET44349812165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.168026924 CET49812443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.169523954 CET49812443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.169538021 CET44349812165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.169558048 CET44349812165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.169785023 CET49813443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.169797897 CET44349813165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.169866085 CET49813443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.171288013 CET49813443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.171299934 CET44349813165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.171338081 CET44349813165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.171567917 CET49814443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.171580076 CET44349814165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.171655893 CET49814443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.173099995 CET49814443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.173115969 CET44349814165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.173136950 CET44349814165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.173356056 CET49815443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.173366070 CET44349815165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.173423052 CET49815443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.174874067 CET49815443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.174886942 CET44349815165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.174906015 CET44349815165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.175128937 CET49816443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.175179958 CET44349816165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.175232887 CET49816443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.176644087 CET49816443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.176661015 CET44349816165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.176683903 CET44349816165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.176898003 CET49817443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.176924944 CET44349817165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.176979065 CET49817443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.178774118 CET49817443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.178787947 CET44349817165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.178808928 CET44349817165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.179032087 CET49818443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.179044962 CET44349818165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.179097891 CET49818443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.180497885 CET49818443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.180510044 CET44349818165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.180536985 CET44349818165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.180740118 CET49819443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.180749893 CET44349819165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.180809021 CET49819443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.182284117 CET49819443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.182296991 CET44349819165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.182318926 CET44349819165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.182569981 CET49820443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.182586908 CET44349820165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.182636023 CET49820443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.184463024 CET49820443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.184475899 CET44349820165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.184500933 CET44349820165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.184736967 CET49821443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.184753895 CET44349821165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.184814930 CET49821443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.186299086 CET49821443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.186312914 CET44349821165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.186336040 CET44349821165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.186572075 CET49822443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.186579943 CET44349822165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.186639071 CET49822443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.188313007 CET49822443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.188323975 CET44349822165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.188349962 CET44349822165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.188574076 CET49823443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.188590050 CET44349823165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.188643932 CET49823443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.190140009 CET49823443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.190159082 CET44349823165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.190177917 CET44349823165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.190713882 CET49824443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.190740108 CET44349824165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.190862894 CET49824443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.192327023 CET49824443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.192338943 CET44349824165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.192363024 CET44349824165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.192671061 CET49825443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.192684889 CET44349825165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.192758083 CET49825443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.194202900 CET49825443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.194216967 CET44349825165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.194238901 CET44349825165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.194458961 CET49826443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.194468975 CET44349826165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.194526911 CET49826443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.196067095 CET49826443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.196078062 CET44349826165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.196103096 CET44349826165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.196392059 CET49827443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.196400881 CET44349827165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.196481943 CET49827443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.198601961 CET49827443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.198615074 CET44349827165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.198637962 CET44349827165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.198899984 CET49828443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.198925018 CET44349828165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.198983908 CET49828443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.201584101 CET49828443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.201597929 CET44349828165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.201625109 CET44349828165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.201894045 CET49829443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.201910973 CET44349829165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.202039957 CET49829443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.203742027 CET49829443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.203767061 CET44349829165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.203792095 CET44349829165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.204026937 CET49830443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.204041958 CET44349830165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.204112053 CET49830443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.205511093 CET49830443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.205526114 CET44349830165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.205545902 CET44349830165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.205807924 CET49831443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.205821037 CET44349831165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.205869913 CET49831443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.207293987 CET49831443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.207305908 CET44349831165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.207329035 CET44349831165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.207541943 CET49832443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.207583904 CET44349832165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.207659006 CET49832443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.209038973 CET49832443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.209072113 CET44349832165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.209090948 CET44349832165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.209300041 CET49833443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.209321022 CET44349833165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.209372044 CET49833443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.210760117 CET49833443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.210773945 CET44349833165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.210794926 CET44349833165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.211026907 CET49834443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.211061954 CET44349834165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.211108923 CET49834443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.212508917 CET49834443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.212551117 CET44349834165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.212569952 CET44349834165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.212785006 CET49835443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.212800026 CET44349835165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.212851048 CET49835443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.214837074 CET49835443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.214852095 CET44349835165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.214873075 CET44349835165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.215126991 CET49836443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.215140104 CET44349836165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.215198994 CET49836443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.217039108 CET49836443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.217051029 CET44349836165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.217084885 CET44349836165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.217353106 CET49837443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.217382908 CET44349837165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.217442036 CET49837443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.218956947 CET49837443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.218971014 CET44349837165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.218995094 CET44349837165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.219228029 CET49838443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.219237089 CET44349838165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.219290018 CET49838443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.221199036 CET49838443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.221210003 CET44349838165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.221235037 CET44349838165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.221486092 CET49839443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.221503973 CET44349839165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.221581936 CET49839443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.223113060 CET49839443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.223126888 CET44349839165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.223150969 CET44349839165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.223403931 CET49840443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.223433018 CET44349840165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.223501921 CET49840443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.225011110 CET49840443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.225023985 CET44349840165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.225044966 CET44349840165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.225271940 CET49841443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.225327969 CET44349841165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.225389004 CET49841443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.227175951 CET49841443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.227206945 CET44349841165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.227229118 CET44349841165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.227483988 CET49842443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.227499962 CET44349842165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.227555037 CET49842443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.233010054 CET49842443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.233023882 CET44349842165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.233094931 CET44349842165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.233345985 CET49843443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.233393908 CET44349843165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.233488083 CET49843443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.235008001 CET49843443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.235044003 CET44349843165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.235080004 CET44349843165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.235344887 CET49844443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.235366106 CET44349844165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.235420942 CET49844443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.237231970 CET49844443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.237245083 CET44349844165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.237267017 CET44349844165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.237799883 CET49845443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.237828016 CET44349845165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.237893105 CET49845443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.239381075 CET49845443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.239392042 CET44349845165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.239424944 CET44349845165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.239655972 CET49846443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.239665985 CET44349846165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.239723921 CET49846443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.241349936 CET49846443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.241364002 CET44349846165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.241386890 CET44349846165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.241647959 CET49847443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.241662025 CET44349847165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.241714954 CET49847443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.243222952 CET49847443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.243237972 CET44349847165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.243263960 CET44349847165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.243520021 CET49848443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.243549109 CET44349848165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.243716955 CET49848443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.245291948 CET49848443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.245305061 CET44349848165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.245327950 CET44349848165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.245572090 CET49849443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.245595932 CET44349849165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.245724916 CET49849443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.247956038 CET49849443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.247968912 CET44349849165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.247993946 CET44349849165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.248869896 CET49850443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.248881102 CET44349850165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.248950958 CET49850443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.250387907 CET49850443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.250400066 CET44349850165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.250433922 CET44349850165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.250653982 CET49851443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.250663996 CET44349851165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.250727892 CET49851443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.252188921 CET49851443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.252199888 CET44349851165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.252223969 CET44349851165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.252458096 CET49852443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.252502918 CET44349852165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.252671003 CET49852443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.253947020 CET49852443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.253962994 CET44349852165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.253983021 CET44349852165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.254189014 CET49853443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.254218102 CET44349853165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.254329920 CET49853443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.255625010 CET49853443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.255641937 CET44349853165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.255662918 CET44349853165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.255908012 CET49854443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.255918980 CET44349854165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.255970955 CET49854443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.257333994 CET49854443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.257345915 CET44349854165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.257368088 CET44349854165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.257555962 CET49855443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.257576942 CET44349855165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.257626057 CET49855443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.258965969 CET49855443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.258982897 CET44349855165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.259004116 CET44349855165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.259418964 CET49856443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.259440899 CET44349856165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.259493113 CET49856443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.306211948 CET49856443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.306248903 CET44349856165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.306288958 CET44349856165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.306993961 CET49857443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.307043076 CET44349857165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.307121992 CET49857443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.308876991 CET49857443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.308892965 CET44349857165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.308921099 CET44349857165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.309211016 CET49858443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.309252024 CET44349858165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.309312105 CET49858443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.311379910 CET49858443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.311393976 CET44349858165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.311418056 CET44349858165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.311655998 CET49859443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.311667919 CET44349859165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.311748028 CET49859443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.313249111 CET49859443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.313263893 CET44349859165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.313288927 CET44349859165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.313571930 CET49860443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.313607931 CET44349860165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.313735962 CET49860443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.315295935 CET49860443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.315310001 CET44349860165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.315336943 CET44349860165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.315588951 CET49861443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.315617085 CET44349861165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.315701008 CET49861443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.317256927 CET49861443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.317272902 CET44349861165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.317293882 CET44349861165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.317625999 CET49862443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.317639112 CET44349862165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.317744017 CET49862443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.319205046 CET49862443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.319216967 CET44349862165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.319240093 CET44349862165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.319516897 CET49863443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.319525957 CET44349863165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.319627047 CET49863443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.321118116 CET49863443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.321130037 CET44349863165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.321151018 CET44349863165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.321384907 CET49864443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.321429968 CET44349864165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.321490049 CET49864443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.323324919 CET49864443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.323339939 CET44349864165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.323367119 CET44349864165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.323645115 CET49865443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.323678017 CET44349865165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.323760986 CET49865443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.331335068 CET49865443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.331350088 CET44349865165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.331373930 CET44349865165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.331654072 CET49866443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.331681013 CET44349866165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.331764936 CET49866443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.333260059 CET49866443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.333276987 CET44349866165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.333297014 CET44349866165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.333530903 CET49867443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.333547115 CET44349867165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.333602905 CET49867443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.335110903 CET49867443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.335123062 CET44349867165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.335144997 CET44349867165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.335668087 CET49868443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.335706949 CET44349868165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.335767031 CET49868443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.337382078 CET49868443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.337393999 CET44349868165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.337414026 CET44349868165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.337641954 CET49869443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.337690115 CET44349869165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.337755919 CET49869443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.339530945 CET49869443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.339544058 CET44349869165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.339560032 CET44349869165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.339787960 CET49870443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.339799881 CET44349870165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.339854956 CET49870443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.341231108 CET49870443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.341243029 CET44349870165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.341265917 CET44349870165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.341514111 CET49871443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.341535091 CET44349871165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.341588974 CET49871443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.343004942 CET49871443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.343024969 CET44349871165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.343046904 CET44349871165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.343262911 CET49872443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.343276024 CET44349872165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.343337059 CET49872443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.344780922 CET49872443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.344793081 CET44349872165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.344814062 CET44349872165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.345082998 CET49873443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.345107079 CET44349873165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.345166922 CET49873443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.346784115 CET49873443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.346796989 CET44349873165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.346821070 CET44349873165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.347079992 CET49874443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.347089052 CET44349874165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.347145081 CET49874443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.348871946 CET49874443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.348882914 CET44349874165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.348906040 CET44349874165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.349136114 CET49875443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.349148989 CET44349875165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.349199057 CET49875443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.350703955 CET49875443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.350717068 CET44349875165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.350743055 CET44349875165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.350999117 CET49876443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.351015091 CET44349876165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.351070881 CET49876443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.352564096 CET49876443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.352580070 CET44349876165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.352602005 CET44349876165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.352833986 CET49877443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.352853060 CET44349877165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.352905035 CET49877443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.355043888 CET49877443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.355056047 CET44349877165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.355082989 CET44349877165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.355346918 CET49878443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.355369091 CET44349878165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.355448008 CET49878443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.356904030 CET49878443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.356921911 CET44349878165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.356952906 CET44349878165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.357157946 CET49879443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.357172012 CET44349879165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.357224941 CET49879443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.358664036 CET49879443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.358674049 CET44349879165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.358700037 CET44349879165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.358987093 CET49880443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.359030008 CET44349880165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.359102964 CET49880443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.360858917 CET49880443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.360878944 CET44349880165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.360903978 CET44349880165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.361160040 CET49881443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.361206055 CET44349881165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.361341953 CET49881443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.362921953 CET49881443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.362937927 CET44349881165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.362960100 CET44349881165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.363250971 CET49882443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.363265991 CET44349882165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.363334894 CET49882443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.364867926 CET49882443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.364882946 CET44349882165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.364907026 CET44349882165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.365175009 CET49883443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.365191936 CET44349883165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.365253925 CET49883443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.366975069 CET49883443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.366988897 CET44349883165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.367022991 CET44349883165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.367299080 CET49884443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.367328882 CET44349884165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.367379904 CET49884443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.368927956 CET49884443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.368942022 CET44349884165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.368973970 CET44349884165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.369242907 CET49885443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.369271040 CET44349885165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.369399071 CET49885443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.371304989 CET49885443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.371323109 CET44349885165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.371354103 CET44349885165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.371635914 CET49886443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.371649981 CET44349886165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.371726036 CET49886443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.373183012 CET49886443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.373203039 CET44349886165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.373220921 CET44349886165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.373485088 CET49887443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.373496056 CET44349887165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.373586893 CET49887443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.375093937 CET49887443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.375104904 CET44349887165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.375129938 CET44349887165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.375380993 CET49888443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.375406027 CET44349888165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.375468016 CET49888443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.376986027 CET49888443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.376998901 CET44349888165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.377019882 CET44349888165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.377264977 CET49889443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.377284050 CET44349889165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.377343893 CET49889443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.379134893 CET49889443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.379147053 CET44349889165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.379174948 CET44349889165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.379472017 CET49890443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.379486084 CET44349890165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.379540920 CET49890443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.381304979 CET49890443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.381320000 CET44349890165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.381342888 CET44349890165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.381561041 CET49891443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.381570101 CET44349891165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.381624937 CET49891443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.383126020 CET49891443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.383137941 CET44349891165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.383167982 CET44349891165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.383426905 CET49892443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.383452892 CET44349892165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.383548021 CET49892443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.385163069 CET49892443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.385174036 CET44349892165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.385196924 CET44349892165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.385425091 CET49893443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.385442972 CET44349893165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.385499954 CET49893443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.387316942 CET49893443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.387325048 CET44349893165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.387362957 CET44349893165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.387619019 CET49894443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.387630939 CET44349894165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.387700081 CET49894443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.389211893 CET49894443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.389224052 CET44349894165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.389262915 CET44349894165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.389825106 CET49895443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.389837027 CET44349895165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.389951944 CET49895443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.391422033 CET49895443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.391433001 CET44349895165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.391462088 CET44349895165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.391725063 CET49896443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.391748905 CET44349896165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.391830921 CET49896443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.393373013 CET49896443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.393387079 CET44349896165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.393409014 CET44349896165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.393656969 CET49897443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.393686056 CET44349897165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.393755913 CET49897443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.395201921 CET49897443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.395216942 CET44349897165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.395241022 CET44349897165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.395555973 CET49898443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.395567894 CET44349898165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.395673037 CET49898443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.397156954 CET49898443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.397169113 CET44349898165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.397191048 CET44349898165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.397411108 CET49899443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.397433043 CET44349899165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.397490025 CET49899443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.399008989 CET49899443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.399024963 CET44349899165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.399049044 CET44349899165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.399418116 CET49900443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.399432898 CET44349900165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.399502993 CET49900443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.402134895 CET49900443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.402149916 CET44349900165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.402189016 CET44349900165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.402479887 CET49901443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.402499914 CET44349901165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.402553082 CET49901443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.405081034 CET49901443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.405096054 CET44349901165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.405122995 CET44349901165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.405416965 CET49902443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.405432940 CET44349902165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.405555964 CET49902443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.407711029 CET49902443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.407726049 CET44349902165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.407748938 CET44349902165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.408023119 CET49903443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.408034086 CET44349903165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.408117056 CET49903443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.409693003 CET49903443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.409706116 CET44349903165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.409739971 CET44349903165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.410034895 CET49904443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.410063028 CET44349904165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.410123110 CET49904443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.411576986 CET49904443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.411591053 CET44349904165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.411612988 CET44349904165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.411859989 CET49905443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.411884069 CET44349905165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.412061930 CET49905443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.413352966 CET49905443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.413366079 CET44349905165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.413388014 CET44349905165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.413606882 CET49906443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.413615942 CET44349906165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.413670063 CET49906443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.415081978 CET49906443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.415095091 CET44349906165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.415117025 CET44349906165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.415627956 CET49907443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.415638924 CET44349907165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.415704012 CET49907443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.417323112 CET49907443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.417336941 CET44349907165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.417362928 CET44349907165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.417587996 CET49908443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.417598963 CET44349908165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.417668104 CET49908443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.419069052 CET49908443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.419080019 CET44349908165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.419106007 CET44349908165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.419317007 CET49909443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.419329882 CET44349909165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.419383049 CET49909443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.420747042 CET49909443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.420759916 CET44349909165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.420782089 CET44349909165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.421010017 CET49910443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.421020031 CET44349910165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.421072960 CET49910443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.422491074 CET49910443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.422499895 CET44349910165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.422796965 CET44349910165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.423058033 CET49911443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.423069000 CET44349911165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.423167944 CET49911443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.424525023 CET49911443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.424540043 CET44349911165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.424566031 CET44349911165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.424783945 CET49912443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.424798965 CET44349912165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.424855947 CET49912443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.426295996 CET49912443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.426306963 CET44349912165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.426326990 CET44349912165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.426534891 CET49913443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.426567078 CET44349913165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.426623106 CET49913443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.428759098 CET49913443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.428776026 CET44349913165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.428795099 CET44349913165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.429033995 CET49914443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.429047108 CET44349914165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.429100037 CET49914443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.430524111 CET49914443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.430533886 CET44349914165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.430552006 CET44349914165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.430763960 CET49915443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.430780888 CET44349915165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.430834055 CET49915443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.432979107 CET49915443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.432992935 CET44349915165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.433013916 CET44349915165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.433279991 CET49916443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.433291912 CET44349916165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.433336973 CET49916443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.434905052 CET49916443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.434916019 CET44349916165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.434937000 CET44349916165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.435206890 CET49917443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.435226917 CET44349917165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.435280085 CET49917443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.436778069 CET49917443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.436790943 CET44349917165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.436813116 CET44349917165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.437053919 CET49918443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.437062025 CET44349918165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.437114000 CET49918443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.438565016 CET49918443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.438575029 CET44349918165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.438592911 CET44349918165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.438806057 CET49919443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.438816071 CET44349919165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.438870907 CET49919443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.440638065 CET49919443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.440651894 CET44349919165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.440674067 CET44349919165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.440910101 CET49920443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.440937996 CET44349920165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.440990925 CET49920443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.442461014 CET49920443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.442472935 CET44349920165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.442553043 CET44349920165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.442827940 CET49921443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.442845106 CET44349921165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.442950964 CET49921443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.444355965 CET49921443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.444367886 CET44349921165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.444418907 CET44349921165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.444645882 CET49922443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.444659948 CET44349922165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.444708109 CET49922443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.446187019 CET49922443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.446197987 CET44349922165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.446283102 CET44349922165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.446538925 CET49923443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.446548939 CET44349923165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.446770906 CET49923443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.448380947 CET49923443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.448393106 CET44349923165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.448455095 CET44349923165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.448714018 CET49924443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.448731899 CET44349924165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.448834896 CET49924443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.450295925 CET49924443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.450306892 CET44349924165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.450337887 CET44349924165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.450555086 CET49925443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.450570107 CET44349925165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.450627089 CET49925443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.452372074 CET49925443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.452389956 CET44349925165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.452410936 CET44349925165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.452660084 CET49926443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.452676058 CET44349926165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.452758074 CET49926443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.454219103 CET49926443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.454229116 CET44349926165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.454305887 CET44349926165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.454567909 CET49927443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.454586983 CET44349927165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.454664946 CET49927443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.456131935 CET49927443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.456151009 CET44349927165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.456171036 CET44349927165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.456396103 CET49928443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.456409931 CET44349928165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.456465960 CET49928443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.458086967 CET49928443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.458096027 CET44349928165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.458223104 CET44349928165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.458466053 CET49929443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.458488941 CET44349929165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.458549976 CET49929443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.459969044 CET49929443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.459983110 CET44349929165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.460030079 CET44349929165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.460256100 CET49930443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.460267067 CET44349930165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.460323095 CET49930443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.461715937 CET49930443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.461734056 CET44349930165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.461791039 CET44349930165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.462167978 CET49931443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.462179899 CET44349931165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.462228060 CET49931443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.464378119 CET49931443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.464391947 CET44349931165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.464421034 CET44349931165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.464653969 CET49932443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.464663982 CET44349932165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.464715004 CET49932443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.466104031 CET49932443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.466111898 CET44349932165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.466130018 CET44349932165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.466335058 CET49933443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.466368914 CET44349933165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.466443062 CET49933443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.467889071 CET49933443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.467902899 CET44349933165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.467931032 CET44349933165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.468178988 CET49934443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.468188047 CET44349934165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.468236923 CET49934443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.469913006 CET49934443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.469926119 CET44349934165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.469949007 CET44349934165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.470185041 CET49935443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.470196962 CET44349935165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.470278978 CET49935443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.471800089 CET49935443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.471813917 CET44349935165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.471843004 CET44349935165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.472064972 CET49936443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.472079039 CET44349936165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.472136974 CET49936443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.473611116 CET49936443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.473623991 CET44349936165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.473653078 CET44349936165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.473871946 CET49937443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.473884106 CET44349937165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.473938942 CET49937443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.475656986 CET49937443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.475667953 CET44349937165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.475697041 CET44349937165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.475929022 CET49938443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.475939989 CET44349938165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.475991964 CET49938443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.477714062 CET49938443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.477726936 CET44349938165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.477775097 CET44349938165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.477993011 CET49939443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.478002071 CET44349939165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.478058100 CET49939443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.479531050 CET49939443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.479541063 CET44349939165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.479571104 CET44349939165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.479794979 CET49940443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.479809046 CET44349940165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.479867935 CET49940443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.481312990 CET49940443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.481326103 CET44349940165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.481349945 CET44349940165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.481580019 CET49941443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.481589079 CET44349941165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.481637001 CET49941443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.483062029 CET49941443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.483069897 CET44349941165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.483093977 CET44349941165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.483325005 CET49942443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.483335972 CET44349942165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.483391047 CET49942443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.484843016 CET49942443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.484858036 CET44349942165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.484883070 CET44349942165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.485089064 CET49943443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.485095978 CET44349943165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.485146046 CET49943443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.486521006 CET49943443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.486529112 CET44349943165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.486671925 CET44349943165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.486936092 CET49944443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.486960888 CET44349944165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.487016916 CET49944443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.488477945 CET49944443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.488490105 CET44349944165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.488512993 CET44349944165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.488712072 CET49945443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.488743067 CET44349945165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.488796949 CET49945443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.490391016 CET49945443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.490406990 CET44349945165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.490430117 CET44349945165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.490744114 CET49946443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.490756989 CET44349946165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.490838051 CET49946443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.492356062 CET49946443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.492367983 CET44349946165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.492397070 CET44349946165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.492615938 CET49947443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.492635965 CET44349947165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.492719889 CET49947443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.494182110 CET49947443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.494198084 CET44349947165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.494220018 CET44349947165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.494793892 CET49948443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.494813919 CET44349948165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.494870901 CET49948443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.496393919 CET49948443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.496407986 CET44349948165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.496432066 CET44349948165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.496707916 CET49949443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.496727943 CET44349949165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.496805906 CET49949443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.498719931 CET49949443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.498733044 CET44349949165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.498759985 CET44349949165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.499013901 CET49950443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.499025106 CET44349950165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.499088049 CET49950443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.500660896 CET49950443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.500674963 CET44349950165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.500699043 CET44349950165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.500943899 CET49951443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.500953913 CET44349951165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.501029015 CET49951443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.505032063 CET49951443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.505044937 CET44349951165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.505069971 CET44349951165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.505327940 CET49952443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.505356073 CET44349952165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.505409956 CET49952443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.506902933 CET49952443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.506917953 CET44349952165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.506946087 CET44349952165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.507253885 CET49953443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.507282972 CET44349953165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.507338047 CET49953443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.508912086 CET49953443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.508920908 CET44349953165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.508948088 CET44349953165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.509177923 CET49954443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.509191990 CET44349954165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.509299040 CET49954443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.511127949 CET49954443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.511141062 CET44349954165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.511166096 CET44349954165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.511415005 CET49955443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.511425018 CET44349955165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.511475086 CET49955443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.513298988 CET49955443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.513310909 CET44349955165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.513339043 CET44349955165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.513583899 CET49956443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.513607025 CET44349956165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.513669014 CET49956443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.515254021 CET49956443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.515268087 CET44349956165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.515295029 CET44349956165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.515803099 CET49957443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.515834093 CET44349957165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.515888929 CET49957443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.517350912 CET49957443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.517365932 CET44349957165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.517390013 CET44349957165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.517612934 CET49958443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.517627954 CET44349958165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.517682076 CET49958443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.519089937 CET49958443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.519103050 CET44349958165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.519123077 CET44349958165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.519337893 CET49959443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.519350052 CET44349959165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.519397020 CET49959443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.520816088 CET49959443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.520828962 CET44349959165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.520854950 CET44349959165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.521085024 CET49960443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.521114111 CET44349960165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.521239996 CET49960443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.522639036 CET49960443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.522659063 CET44349960165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.522680998 CET44349960165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.522880077 CET49961443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.522912025 CET44349961165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.522962093 CET49961443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.524405003 CET49961443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.524420023 CET44349961165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.524444103 CET44349961165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.524693012 CET49962443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.524705887 CET44349962165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.524780035 CET49962443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.526648045 CET49962443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.526659966 CET44349962165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.526684046 CET44349962165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.526921034 CET49963443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.526935101 CET44349963165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.526988983 CET49963443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.528481960 CET49963443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.528492928 CET44349963165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.528523922 CET44349963165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.528781891 CET49964443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.528808117 CET44349964165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.528873920 CET49964443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.530368090 CET49964443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.530383110 CET44349964165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.530416012 CET44349964165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.530643940 CET49965443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.530674934 CET44349965165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.530730963 CET49965443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.532383919 CET49965443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.532394886 CET44349965165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.532428980 CET44349965165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.532711029 CET49966443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.532727003 CET44349966165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.532785892 CET49966443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.534614086 CET49966443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.534627914 CET44349966165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.534663916 CET44349966165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.534939051 CET49967443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.534951925 CET44349967165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.535100937 CET49967443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.536499023 CET49967443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.536510944 CET44349967165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.536547899 CET44349967165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.537045002 CET49968443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.537070036 CET44349968165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.537126064 CET49968443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.538602114 CET49968443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.538615942 CET44349968165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.538640976 CET44349968165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.538861036 CET49969443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.538882971 CET44349969165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.538969040 CET49969443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.540411949 CET49969443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.540426016 CET44349969165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.540450096 CET44349969165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.540677071 CET49970443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.540690899 CET44349970165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.540747881 CET49970443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.542505980 CET49970443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.542525053 CET44349970165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.542546034 CET44349970165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.542793036 CET49971443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.542810917 CET44349971165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.542886019 CET49971443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.544322014 CET49971443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.544337034 CET44349971165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.544361115 CET44349971165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.544584036 CET49972443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.544600010 CET44349972165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.544692039 CET49972443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.546365023 CET49972443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.546375990 CET44349972165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.546401024 CET44349972165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.546623945 CET49973443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.546647072 CET44349973165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.546705008 CET49973443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.548157930 CET49973443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.548172951 CET44349973165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.548188925 CET44349973165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.548439026 CET49974443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.548449039 CET44349974165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.548507929 CET49974443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.550323009 CET49974443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.550332069 CET44349974165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.550352097 CET44349974165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.550617933 CET49975443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.550631046 CET44349975165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.550697088 CET49975443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.552520037 CET49975443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.552534103 CET44349975165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.552551985 CET44349975165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.552786112 CET49976443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.552815914 CET44349976165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.552871943 CET49976443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.554591894 CET49976443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.554603100 CET44349976165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.554630041 CET44349976165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.554851055 CET49977443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.554878950 CET44349977165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.554934025 CET49977443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.556467056 CET49977443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.556485891 CET44349977165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.556504965 CET44349977165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.556745052 CET49978443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.556755066 CET44349978165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.556807041 CET49978443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.558720112 CET49978443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.558731079 CET44349978165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.558758020 CET44349978165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.558990002 CET49979443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.559003115 CET44349979165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.559065104 CET49979443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.560457945 CET49979443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.560472012 CET44349979165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.560493946 CET44349979165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.560709953 CET49980443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.560724974 CET44349980165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.560781956 CET49980443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.562207937 CET49980443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.562218904 CET44349980165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.562261105 CET44349980165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.562505960 CET49981443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.562542915 CET44349981165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.562599897 CET49981443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.563990116 CET49981443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.564003944 CET44349981165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.564027071 CET44349981165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.564250946 CET49982443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.564260960 CET44349982165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.564342022 CET49982443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.565773010 CET49982443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.565783978 CET44349982165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.565809011 CET44349982165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.566024065 CET49983443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.566034079 CET44349983165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.566096067 CET49983443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.567789078 CET49983443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.567804098 CET44349983165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.567823887 CET44349983165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.568073034 CET49984443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.568082094 CET44349984165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.568141937 CET49984443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.569515944 CET49984443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.569528103 CET44349984165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.569550991 CET44349984165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.569756031 CET49985443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.569772959 CET44349985165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.569823027 CET49985443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.571249008 CET49985443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.571261883 CET44349985165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.571285009 CET44349985165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.571512938 CET49986443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.571527958 CET44349986165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.571579933 CET49986443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.573715925 CET49986443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.573729992 CET44349986165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.573754072 CET44349986165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.576972008 CET49987443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.577019930 CET44349987165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.577094078 CET49987443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.578799009 CET49987443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.578813076 CET44349987165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.578845978 CET44349987165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.579724073 CET49988443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.579752922 CET44349988165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.579813004 CET49988443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.581191063 CET49988443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.581204891 CET44349988165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.581228018 CET44349988165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.581464052 CET49989443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.581490040 CET44349989165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.581552982 CET49989443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.583090067 CET49989443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.583101988 CET44349989165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.583128929 CET44349989165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.583364964 CET49990443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.583379030 CET44349990165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.583426952 CET49990443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.584856987 CET49990443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.584870100 CET44349990165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.584892035 CET44349990165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.585099936 CET49991443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.585114956 CET44349991165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.585165977 CET49991443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.586568117 CET49991443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.586590052 CET44349991165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.586613894 CET44349991165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.586833000 CET49992443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.586869001 CET44349992165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.586920977 CET49992443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.595983028 CET49992443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.596008062 CET44349992165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.596039057 CET44349992165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.600110054 CET49993443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.600141048 CET44349993165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.600263119 CET49993443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.635278940 CET49993443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.635303020 CET44349993165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.635355949 CET44349993165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.635653973 CET49994443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.635695934 CET44349994165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.635755062 CET49994443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.637291908 CET49994443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.637306929 CET44349994165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.637331009 CET44349994165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.637558937 CET49995443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.637583971 CET44349995165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.637674093 CET49995443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.639349937 CET49995443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.639363050 CET44349995165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.639389038 CET44349995165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.639718056 CET49996443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.639754057 CET44349996165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.639839888 CET49996443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.641258001 CET49996443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.641283035 CET44349996165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.641304016 CET44349996165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.641541958 CET49997443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.641566992 CET44349997165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.641618013 CET49997443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.643241882 CET49997443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.643256903 CET44349997165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.643280029 CET44349997165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.643534899 CET49998443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.643546104 CET44349998165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.643646002 CET49998443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.645045996 CET49998443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.645061016 CET44349998165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.645085096 CET44349998165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.645287037 CET49999443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.645302057 CET44349999165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.645356894 CET49999443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.646707058 CET49999443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.646719933 CET44349999165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.646744013 CET44349999165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.647025108 CET50000443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.647037983 CET44350000165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.647092104 CET50000443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.648463964 CET50000443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.648480892 CET44350000165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.648504972 CET44350000165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.648737907 CET50001443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.648756027 CET44350001165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.648802042 CET50001443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.650151968 CET50001443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.650166035 CET44350001165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.650187969 CET44350001165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.650413990 CET50002443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.650424004 CET44350002165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.650476933 CET50002443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.652769089 CET50002443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.652777910 CET44350002165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.652816057 CET44350002165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.653040886 CET50003443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.653054953 CET44350003165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.653107882 CET50003443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.654577971 CET50003443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.654591084 CET44350003165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.654612064 CET44350003165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.654865026 CET50004443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.654880047 CET44350004165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.654927015 CET50004443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.656342030 CET50004443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.656357050 CET44350004165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.656379938 CET44350004165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.656586885 CET50005443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.656599998 CET44350005165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.656676054 CET50005443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.658025026 CET50005443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.658040047 CET44350005165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.658065081 CET44350005165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.658278942 CET50006443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.658288956 CET44350006165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.658341885 CET50006443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.659821987 CET50006443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.659838915 CET44350006165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.659858942 CET44350006165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.660124063 CET50007443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.660135984 CET44350007165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.660223961 CET50007443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.661706924 CET50007443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.661720991 CET44350007165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.661741972 CET44350007165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.662163019 CET50008443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.662214041 CET44350008165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.662266970 CET50008443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.663721085 CET50008443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.663736105 CET44350008165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.663767099 CET44350008165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.663995028 CET50009443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.664036989 CET44350009165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.664138079 CET50009443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.665546894 CET50009443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.665565014 CET44350009165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.665584087 CET44350009165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.665817976 CET50010443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.665832043 CET44350010165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.665893078 CET50010443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.667718887 CET50010443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.667732000 CET44350010165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.667757988 CET44350010165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.667968988 CET50011443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.667983055 CET44350011165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.668035030 CET50011443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.669498920 CET50011443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.669512033 CET44350011165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.669533968 CET44350011165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.669763088 CET50012443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.669791937 CET44350012165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.669855118 CET50012443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.671516895 CET50012443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.671530008 CET44350012165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.671555042 CET44350012165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.671852112 CET50013443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.671883106 CET44350013165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.671966076 CET50013443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.673474073 CET50013443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.673489094 CET44350013165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.673508883 CET44350013165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.673763037 CET50014443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.673773050 CET44350014165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.673821926 CET50014443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.675458908 CET50014443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.675471067 CET44350014165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.675496101 CET44350014165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.675784111 CET50015443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.675793886 CET44350015165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.675939083 CET50015443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.677279949 CET50015443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.677293062 CET44350015165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.677314043 CET44350015165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.677725077 CET50016443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.677742958 CET44350016165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.677799940 CET50016443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.679219007 CET50016443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.679230928 CET44350016165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.679254055 CET44350016165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.679459095 CET50017443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.679483891 CET44350017165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.679534912 CET50017443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.680880070 CET50017443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.680895090 CET44350017165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.680916071 CET44350017165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.681128979 CET50018443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.681138039 CET44350018165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.681233883 CET50018443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.682873964 CET50018443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.682882071 CET44350018165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.682905912 CET44350018165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.683113098 CET50019443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.683124065 CET44350019165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.683172941 CET50019443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.684547901 CET50019443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.684561014 CET44350019165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.684586048 CET44350019165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.684801102 CET50020443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.684818983 CET44350020165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.684868097 CET50020443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.686604023 CET50020443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.686615944 CET44350020165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.686640024 CET44350020165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.686862946 CET50021443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.686877012 CET44350021165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.687050104 CET50021443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.688290119 CET50021443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.688303947 CET44350021165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.688327074 CET44350021165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.688538074 CET50022443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.688546896 CET44350022165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.688601017 CET50022443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.690017939 CET50022443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.690030098 CET44350022165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.690052032 CET44350022165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.690274954 CET50023443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.690283060 CET44350023165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.690336943 CET50023443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.691751003 CET50023443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.691765070 CET44350023165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.691788912 CET44350023165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.692008972 CET50024443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.692024946 CET44350024165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.692074060 CET50024443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.693790913 CET50024443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.693804026 CET44350024165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.693834066 CET44350024165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.694077969 CET50025443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.694123983 CET44350025165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.694188118 CET50025443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.695662975 CET50025443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.695679903 CET44350025165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.695705891 CET44350025165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.695955038 CET50026443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.695966005 CET44350026165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.696022034 CET50026443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.697825909 CET50026443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.697844028 CET44350026165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.697868109 CET44350026165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.698118925 CET50027443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.698147058 CET44350027165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.698199987 CET50027443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.699925900 CET50027443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.699943066 CET44350027165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.699966908 CET44350027165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.700238943 CET50028443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.700251102 CET44350028165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.700315952 CET50028443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.701761961 CET50028443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.701773882 CET44350028165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.701805115 CET44350028165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.702037096 CET50029443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.702080965 CET44350029165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.702156067 CET50029443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.703564882 CET50029443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.703583956 CET44350029165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.703624010 CET44350029165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.703852892 CET50030443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.703862906 CET44350030165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.703916073 CET50030443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.705324888 CET50030443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.705337048 CET44350030165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.705363035 CET44350030165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.705585003 CET50031443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.705604076 CET44350031165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.705705881 CET50031443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.707117081 CET50031443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.707132101 CET44350031165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.707159996 CET44350031165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.707393885 CET50032443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.707422972 CET44350032165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.707473993 CET50032443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.708967924 CET50032443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.708985090 CET44350032165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.709003925 CET44350032165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.709224939 CET50033443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.709242105 CET44350033165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.709295034 CET50033443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.711085081 CET50033443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.711097956 CET44350033165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.711127043 CET44350033165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.711389065 CET50034443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.711405993 CET44350034165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.711467028 CET50034443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.713315010 CET50034443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.713327885 CET44350034165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.713351011 CET44350034165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.714675903 CET50035443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.714688063 CET44350035165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.714745045 CET50035443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.716311932 CET50035443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.716322899 CET44350035165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.716351032 CET44350035165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.716614962 CET50036443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.716636896 CET44350036165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.716917038 CET50036443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.718107939 CET50036443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.718120098 CET44350036165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.718144894 CET44350036165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.718357086 CET50037443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.718368053 CET44350037165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.718420982 CET50037443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.719830036 CET50037443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.719841003 CET44350037165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.719877958 CET44350037165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.720192909 CET50038443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.720201969 CET44350038165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.720249891 CET50038443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.721642017 CET50038443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.721653938 CET44350038165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.721685886 CET44350038165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.721887112 CET50039443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.721896887 CET44350039165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.721946955 CET50039443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.723376036 CET50039443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.723386049 CET44350039165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.723411083 CET44350039165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.723628044 CET50040443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.723660946 CET44350040165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.723707914 CET50040443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.725177050 CET50040443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.725192070 CET44350040165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.725209951 CET44350040165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.725481033 CET50041443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.725502014 CET44350041165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.725584030 CET50041443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.727149963 CET50041443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.727164984 CET44350041165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.727196932 CET44350041165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.727418900 CET50042443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.727428913 CET44350042165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.727480888 CET50042443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.729435921 CET50042443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.729449987 CET44350042165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.729471922 CET44350042165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.729753971 CET50043443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.729763985 CET44350043165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.729830027 CET50043443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.731285095 CET50043443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.731297016 CET44350043165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.731328964 CET44350043165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.731575012 CET50044443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.731605053 CET44350044165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.731827021 CET50044443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.745338917 CET50044443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.745353937 CET44350044165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.745390892 CET44350044165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.745616913 CET50045443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.745640039 CET44350045165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.745697975 CET50045443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.747080088 CET50045443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.747092962 CET44350045165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.747116089 CET44350045165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.747329950 CET50046443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.747339964 CET44350046165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.747404099 CET50046443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.748883963 CET50046443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.748895884 CET44350046165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.748919964 CET44350046165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.749169111 CET50047443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.749177933 CET44350047165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.749229908 CET50047443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.750580072 CET50047443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.750591993 CET44350047165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.750612974 CET44350047165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.750819921 CET50048443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.750837088 CET44350048165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.750885963 CET50048443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.760386944 CET50048443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.760402918 CET44350048165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.760423899 CET44350048165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.760663033 CET50049443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.760678053 CET44350049165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.760786057 CET50049443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.762173891 CET50049443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.762187004 CET44350049165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.762217045 CET44350049165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.762435913 CET50050443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.762448072 CET44350050165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.762499094 CET50050443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.763958931 CET50050443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.763972044 CET44350050165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.763991117 CET44350050165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.764226913 CET50051443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.764236927 CET44350051165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.764316082 CET50051443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.765904903 CET50051443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.765916109 CET44350051165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.765938997 CET44350051165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.766211033 CET50052443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.766223907 CET44350052165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.766283989 CET50052443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.767710924 CET50052443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.767738104 CET44350052165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.767762899 CET44350052165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.767963886 CET50053443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.767976046 CET44350053165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.768023014 CET50053443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.769402027 CET50053443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.769413948 CET44350053165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.769433022 CET44350053165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.769682884 CET50054443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.769694090 CET44350054165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.769769907 CET50054443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.771223068 CET50054443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.771236897 CET44350054165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.771260977 CET44350054165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.771764040 CET50055443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.771773100 CET44350055165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.771826029 CET50055443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.773283005 CET50055443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.773294926 CET44350055165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.773319006 CET44350055165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.773550034 CET50056443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.773577929 CET44350056165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.773628950 CET50056443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.775058985 CET50056443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.775073051 CET44350056165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.775094032 CET44350056165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.775305986 CET50057443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.775341034 CET44350057165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.775393009 CET50057443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.777091026 CET50057443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.777103901 CET44350057165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.777143002 CET44350057165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.777367115 CET50058443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.777378082 CET44350058165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.777431965 CET50058443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.778928995 CET50058443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.778940916 CET44350058165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.778963089 CET44350058165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.779181004 CET50059443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.779191017 CET44350059165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.779242039 CET50059443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.781049967 CET50059443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.781060934 CET44350059165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.781086922 CET44350059165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.781358957 CET50060443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.781374931 CET44350060165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.781466961 CET50060443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.782916069 CET50060443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.782928944 CET44350060165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.782951117 CET44350060165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.783193111 CET50061443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.783206940 CET44350061165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.783252954 CET50061443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.784739017 CET50061443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.784749031 CET44350061165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.784775972 CET44350061165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.785075903 CET50062443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.785084963 CET44350062165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.785264969 CET50062443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.786552906 CET50062443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.786565065 CET44350062165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.786602020 CET44350062165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.786824942 CET50063443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.786834002 CET44350063165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.786885977 CET50063443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.788605928 CET50063443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.788616896 CET44350063165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.788641930 CET44350063165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.788866997 CET50064443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.788880110 CET44350064165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.788953066 CET50064443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.790355921 CET50064443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.790368080 CET44350064165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.790391922 CET44350064165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.790606976 CET50065443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.790618896 CET44350065165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.790673018 CET50065443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.792606115 CET50065443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.792618990 CET44350065165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.792639971 CET44350065165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.792891026 CET50066443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.792900085 CET44350066165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.792958021 CET50066443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.794352055 CET50066443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.794362068 CET44350066165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.794404984 CET44350066165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.794610023 CET50067443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.794620037 CET44350067165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.794675112 CET50067443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.796036959 CET50067443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.796049118 CET44350067165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.796070099 CET44350067165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.796288967 CET50068443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.796298981 CET44350068165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.796346903 CET50068443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.797700882 CET50068443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.797718048 CET44350068165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.797740936 CET44350068165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.797966003 CET50069443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.797979116 CET44350069165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.798146963 CET50069443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.799384117 CET50069443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.799396992 CET44350069165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.799417019 CET44350069165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.799629927 CET50070443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.799638987 CET44350070165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.799688101 CET50070443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.801028013 CET50070443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.801038027 CET44350070165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.801063061 CET44350070165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.801280022 CET50071443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.801290035 CET44350071165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.801362991 CET50071443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.802721977 CET50071443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.802733898 CET44350071165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.802753925 CET44350071165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.803000927 CET50072443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.803014994 CET44350072165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.803122997 CET50072443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.804824114 CET50072443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.804835081 CET44350072165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.804862976 CET44350072165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.805093050 CET50073443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.805118084 CET44350073165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.805171967 CET50073443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.806632042 CET50073443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.806648016 CET44350073165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.806668043 CET44350073165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.809802055 CET50074443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.809812069 CET44350074165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.809881926 CET50074443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.811333895 CET50074443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.811345100 CET44350074165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.811372042 CET44350074165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.811594009 CET50075443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.811629057 CET44350075165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.811681032 CET50075443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.813277006 CET50075443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.813296080 CET44350075165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.813314915 CET44350075165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.813591003 CET50076443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.813602924 CET44350076165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.813654900 CET50076443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.815395117 CET50076443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.815406084 CET44350076165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.815428019 CET44350076165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.815844059 CET50077443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.815859079 CET44350077165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.815943956 CET50077443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.817316055 CET50077443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.817328930 CET44350077165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.817348957 CET44350077165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.817580938 CET50078443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.817588091 CET44350078165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.817641973 CET50078443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.819021940 CET50078443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.819032907 CET44350078165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.819053888 CET44350078165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.819334030 CET50079443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.819343090 CET44350079165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.819407940 CET50079443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.820842028 CET50079443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.820853949 CET44350079165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.820873976 CET44350079165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.821115971 CET50080443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.821141958 CET44350080165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.821204901 CET50080443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.823030949 CET50080443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.823045015 CET44350080165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.823070049 CET44350080165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.823332071 CET50081443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.823345900 CET44350081165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.823400974 CET50081443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.824876070 CET50081443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.824889898 CET44350081165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.824923038 CET44350081165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.825144053 CET50082443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.825153112 CET44350082165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.825206041 CET50082443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.826605082 CET50082443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.826617002 CET44350082165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.826642036 CET44350082165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.826852083 CET50083443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.826860905 CET44350083165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.826915979 CET50083443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.828800917 CET50083443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.828811884 CET44350083165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.828830004 CET44350083165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.829076052 CET50084443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.829087973 CET44350084165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.829143047 CET50084443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.830560923 CET50084443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.830571890 CET44350084165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.830594063 CET44350084165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.830862999 CET50085443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.830874920 CET44350085165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.830960035 CET50085443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.832478046 CET50085443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.832489967 CET44350085165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.832511902 CET44350085165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.832756996 CET50086443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.832766056 CET44350086165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.832815886 CET50086443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.834501028 CET50086443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.834511995 CET44350086165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.834537029 CET44350086165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.834764957 CET50087443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.834774017 CET44350087165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.834907055 CET50087443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.836221933 CET50087443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.836234093 CET44350087165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.836251974 CET44350087165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.836463928 CET50088443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.836482048 CET44350088165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.836595058 CET50088443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.837948084 CET50088443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.837959051 CET44350088165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.837982893 CET44350088165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.838202953 CET50089443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.838224888 CET44350089165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.838273048 CET50089443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.839618921 CET50089443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.839633942 CET44350089165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.839653969 CET44350089165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.840173960 CET50090443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.840183973 CET44350090165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.840251923 CET50090443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.841686010 CET50090443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.841696978 CET44350090165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.841721058 CET44350090165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.841922998 CET50091443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.841932058 CET44350091165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.841979980 CET50091443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.843343973 CET50091443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.843358994 CET44350091165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.843379974 CET44350091165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.843595982 CET50092443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.843606949 CET44350092165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.843658924 CET50092443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.845000029 CET50092443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.845011950 CET44350092165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.845037937 CET44350092165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.845263004 CET50093443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.845274925 CET44350093165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.845329046 CET50093443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.846702099 CET50093443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.846714020 CET44350093165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.846735954 CET44350093165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.846946001 CET50094443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.846956968 CET44350094165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.847007990 CET50094443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.848345041 CET50094443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.848356962 CET44350094165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.848378897 CET44350094165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.848582983 CET50095443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.848592043 CET44350095165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.848645926 CET50095443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.850055933 CET50095443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.850068092 CET44350095165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.850090981 CET44350095165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.850311995 CET50096443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.850321054 CET44350096165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.850370884 CET50096443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.852148056 CET50096443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.852160931 CET44350096165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.852183104 CET44350096165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.852490902 CET50097443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.852504015 CET44350097165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.852557898 CET50097443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.858061075 CET50097443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.858074903 CET44350097165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.858099937 CET44350097165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.858365059 CET50098443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.858376980 CET44350098165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.858431101 CET50098443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.859858036 CET50098443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.859870911 CET44350098165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.859890938 CET44350098165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.860099077 CET50099443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.860112906 CET44350099165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.860172033 CET50099443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.861540079 CET50099443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.861551046 CET44350099165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.861574888 CET44350099165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.861952066 CET50100443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.861970901 CET44350100165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.862097025 CET50100443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.863581896 CET50100443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.863595009 CET44350100165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.863615990 CET44350100165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.863821030 CET50101443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.863833904 CET44350101165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.863883018 CET50101443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.865241051 CET50101443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.865252018 CET44350101165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.865272999 CET44350101165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.865492105 CET50102443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.865500927 CET44350102165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.865550995 CET50102443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.866930008 CET50102443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.866942883 CET44350102165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.866961956 CET44350102165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.867165089 CET50103443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.867175102 CET44350103165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.867223978 CET50103443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.868783951 CET50103443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.868796110 CET44350103165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.868818045 CET44350103165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.869030952 CET50104443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.869051933 CET44350104165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.869103909 CET50104443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.902271986 CET50104443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.902307987 CET44350104165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.902381897 CET44350104165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.912987947 CET50105443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.913045883 CET44350105165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.913149118 CET50105443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.979365110 CET50105443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.979397058 CET44350105165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.979430914 CET44350105165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.987340927 CET50106443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:26.987370968 CET44350106165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:26.987432957 CET50106443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.004170895 CET50106443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.004190922 CET44350106165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.004220963 CET44350106165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.004532099 CET50107443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.004563093 CET44350107165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.004631042 CET50107443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.007767916 CET50107443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.007781029 CET44350107165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.007811069 CET44350107165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.008560896 CET50108443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.008594990 CET44350108165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.008666039 CET50108443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.011934996 CET50108443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.011951923 CET44350108165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.011977911 CET44350108165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.012336969 CET50109443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.012376070 CET44350109165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.012433052 CET50109443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.015223026 CET50109443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.015235901 CET44350109165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.015265942 CET44350109165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.015635967 CET50110443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.015667915 CET44350110165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.015763044 CET50110443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.018898010 CET50110443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.018913984 CET44350110165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.018938065 CET44350110165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.019289017 CET50111443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.019304037 CET44350111165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.019360065 CET50111443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.021612883 CET50111443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.021625996 CET44350111165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.021652937 CET44350111165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.021899939 CET50112443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.021912098 CET44350112165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.021972895 CET50112443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.023390055 CET50112443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.023401976 CET44350112165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.023431063 CET44350112165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.024013042 CET50113443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.024030924 CET44350113165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.024104118 CET50113443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.025615931 CET50113443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.025631905 CET44350113165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.025655031 CET44350113165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.026376009 CET50114443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.026391029 CET44350114165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.026442051 CET50114443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.028635025 CET50114443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.028646946 CET44350114165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.028672934 CET44350114165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.029395103 CET50115443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.029413939 CET44350115165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.029475927 CET50115443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.031531096 CET50115443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.031543970 CET44350115165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.031568050 CET44350115165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.031797886 CET50116443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.031821966 CET44350116165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.031877995 CET50116443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.033732891 CET50116443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.033745050 CET44350116165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.033771038 CET44350116165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.034048080 CET50117443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.034082890 CET44350117165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.034142017 CET50117443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.036003113 CET50117443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.036015987 CET44350117165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.036041975 CET44350117165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.036339045 CET50118443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.036355019 CET44350118165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.036425114 CET50118443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.038305998 CET50118443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.038316965 CET44350118165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.038341999 CET44350118165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.038605928 CET50119443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.038618088 CET44350119165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.038682938 CET50119443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.040560007 CET50119443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.040574074 CET44350119165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.040596008 CET44350119165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.040860891 CET50120443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.040884972 CET44350120165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.040939093 CET50120443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.042684078 CET50120443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.042696953 CET44350120165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.042721033 CET44350120165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.043335915 CET50121443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.043354988 CET44350121165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.043508053 CET50121443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.045203924 CET50121443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.045222998 CET44350121165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.045242071 CET44350121165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.045705080 CET50122443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.045715094 CET44350122165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.045793056 CET50122443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.048475981 CET50122443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.048490047 CET44350122165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.048513889 CET44350122165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.048888922 CET50123443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.048901081 CET44350123165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.049015999 CET50123443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.051337004 CET50123443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.051351070 CET44350123165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.051376104 CET44350123165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.051713943 CET50124443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.051738977 CET44350124165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.051781893 CET50124443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.053220034 CET50124443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.053231955 CET44350124165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.053258896 CET44350124165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.053566933 CET50125443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.053601980 CET44350125165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.053649902 CET50125443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.055150032 CET50125443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.055166006 CET44350125165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.055190086 CET44350125165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.055459023 CET50126443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.055469036 CET44350126165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.055810928 CET50126443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.058443069 CET50126443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.058454037 CET44350126165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.058496952 CET44350126165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.059015989 CET50127443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.059031963 CET44350127165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.059092045 CET50127443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.108019114 CET50127443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.108036041 CET44350127165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.108062029 CET44350127165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.108469963 CET50128443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.108491898 CET44350128165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.108597040 CET50128443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.163116932 CET50128443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.163136959 CET44350128165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.163158894 CET44350128165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.172306061 CET50129443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.172334909 CET44350129165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.172401905 CET50129443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.202307940 CET50129443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.202337980 CET44350129165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.202378988 CET44350129165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.203238964 CET50130443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.203274012 CET44350130165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.203334093 CET50130443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.207767963 CET50130443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.207782030 CET44350130165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.207808018 CET44350130165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.208313942 CET50131443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.208338022 CET44350131165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.208421946 CET50131443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.211319923 CET50131443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.211333036 CET44350131165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.211352110 CET44350131165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.211986065 CET50132443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.212037086 CET44350132165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.212177038 CET50132443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.215310097 CET50132443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.215332031 CET44350132165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.215352058 CET44350132165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.215795040 CET50133443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.215840101 CET44350133165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.215992928 CET50133443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.217593908 CET50133443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.217612028 CET44350133165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.217638969 CET44350133165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.218027115 CET50134443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.218060017 CET44350134165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.218291044 CET50134443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.220189095 CET50134443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.220208883 CET44350134165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.220232964 CET44350134165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.220630884 CET50135443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.220643997 CET44350135165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.220757961 CET50135443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.222469091 CET50135443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.222484112 CET44350135165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.222508907 CET44350135165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.222951889 CET50136443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.222996950 CET44350136165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.223067045 CET50136443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.226000071 CET50136443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.226015091 CET44350136165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.226036072 CET44350136165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.226473093 CET50137443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.226515055 CET44350137165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.226648092 CET50137443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.229001045 CET50137443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.229017019 CET44350137165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.229043961 CET44350137165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.229389906 CET50138443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.229403019 CET44350138165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.229480028 CET50138443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.232013941 CET50138443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.232033014 CET44350138165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.232065916 CET44350138165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.232446909 CET50139443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.232502937 CET44350139165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.232561111 CET50139443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.234015942 CET50139443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.234033108 CET44350139165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.234057903 CET44350139165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.234522104 CET50140443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.234571934 CET44350140165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.234709978 CET50140443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.237186909 CET50140443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.237200975 CET44350140165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.237222910 CET44350140165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.237478971 CET50141443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.237524986 CET44350141165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.237595081 CET50141443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.239790916 CET50141443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.239805937 CET44350141165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.239830971 CET44350141165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.240194082 CET50142443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.240205050 CET44350142165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.240366936 CET50142443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.241982937 CET50142443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.241995096 CET44350142165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.242018938 CET44350142165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.242407084 CET50143443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.242422104 CET44350143165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.242484093 CET50143443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.244879961 CET50143443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.244894981 CET44350143165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.244920015 CET44350143165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.245198011 CET50144443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.245223999 CET44350144165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.245407104 CET50144443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.247579098 CET50144443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.247591019 CET44350144165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.247612953 CET44350144165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.248001099 CET50145443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.248016119 CET44350145165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.248184919 CET50145443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.249789000 CET50145443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.249800920 CET44350145165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.249820948 CET44350145165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.250215054 CET50146443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.250224113 CET44350146165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.250386000 CET50146443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.253174067 CET50146443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.253185987 CET44350146165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.253205061 CET44350146165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.253460884 CET50147443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.253468990 CET44350147165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.253608942 CET50147443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.257061958 CET50147443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.257074118 CET44350147165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.257093906 CET44350147165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.257657051 CET50148443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.257678032 CET44350148165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.258018017 CET50148443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.271157026 CET50148443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.271176100 CET44350148165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.271199942 CET44350148165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.271488905 CET50149443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.271539927 CET44350149165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.271735907 CET50149443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.273883104 CET50149443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.273899078 CET44350149165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.273919106 CET44350149165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.275784969 CET50150443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.275813103 CET44350150165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.275943995 CET50150443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.277805090 CET50150443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.277820110 CET44350150165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.277842045 CET44350150165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.278188944 CET50151443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.278208017 CET44350151165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.278337955 CET50151443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.280525923 CET50151443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.280539036 CET44350151165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.280563116 CET44350151165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.281040907 CET50152443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.281089067 CET44350152165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.281151056 CET50152443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.385982990 CET50152443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.386007071 CET44350152165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.386094093 CET44350152165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.386920929 CET50153443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.386956930 CET44350153165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.387022018 CET50153443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.389978886 CET50153443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.389992952 CET44350153165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.390276909 CET44350153165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.390703917 CET50154443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.390742064 CET44350154165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.390810013 CET50154443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.393369913 CET50154443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.393383026 CET44350154165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.393418074 CET44350154165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.393678904 CET50155443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.393692970 CET44350155165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.393824100 CET50155443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.396584034 CET50155443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.396598101 CET44350155165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.396646023 CET44350155165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.397161961 CET50156443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.397209883 CET44350156165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.397286892 CET50156443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.398741961 CET50156443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.398758888 CET44350156165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.398785114 CET44350156165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.399173021 CET50157443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.399199963 CET44350157165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.399545908 CET50157443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.402160883 CET50157443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.402174950 CET44350157165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.402204037 CET44350157165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.402718067 CET50158443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.402743101 CET44350158165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.402892113 CET50158443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.406330109 CET50158443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.406344891 CET44350158165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.406368017 CET44350158165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.406625986 CET50159443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.406637907 CET44350159165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.406900883 CET50159443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.423491955 CET50159443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.423501015 CET44350159165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.423584938 CET44350159165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.429728985 CET50160443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.429757118 CET44350160165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.429867029 CET50160443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.457988024 CET50160443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.458003044 CET44350160165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.458070993 CET44350160165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.461879015 CET50161443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.461918116 CET44350161165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.462085962 CET50161443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.488352060 CET50161443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.488385916 CET44350161165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.488435030 CET44350161165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.492053032 CET50162443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.492091894 CET44350162165.194.123.67192.168.2.3
            Nov 1, 2024 15:56:27.492185116 CET50162443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.518579960 CET50162443192.168.2.3165.194.123.67
            Nov 1, 2024 15:56:27.518600941 CET44350162165.194.123.67192.168.2.3

            Statistics

            CPU Usage

            Click to jump to process

            Memory Usage

            Click to jump to process

            High Level Behavior Distribution

            Click to dive into process behavior distribution

            Behavior

            Click to jump to process

            System Behavior

            General

            Target ID:0
            Start time:10:56:24
            Start date:01/11/2024
            Path:C:\Users\user\Desktop\7rtK9LWbTc.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\Desktop\7rtK9LWbTc.exe"
            Imagebase:0xbc0000
            File size:80'312 bytes
            MD5 hash:D0930DC6939B931C258795A16B59C2CF
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            General

            Target ID:1
            Start time:10:56:24
            Start date:01/11/2024
            Path:C:\ProgramData\Graphics\guifx.exe
            Wow64 process (32bit):true
            Commandline:"C:\ProgramData\Graphics\guifx.exe" /run
            Imagebase:0xf70000
            File size:80'316 bytes
            MD5 hash:A7D9795D178F27CA2CEBB45293CFE3B1
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Antivirus matches:
            • Detection: 100%, Avira
            • Detection: 100%, Joe Sandbox ML
            Reputation:low
            Has exited:false

            General

            Target ID:3
            Start time:10:56:36
            Start date:01/11/2024
            Path:C:\ProgramData\Graphics\guifx.exe
            Wow64 process (32bit):true
            Commandline:"C:\ProgramData\Graphics\guifx.exe" /run
            Imagebase:0xf70000
            File size:80'316 bytes
            MD5 hash:A7D9795D178F27CA2CEBB45293CFE3B1
            Has elevated privileges:false
            Has administrator privileges:false
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            General

            Target ID:5
            Start time:10:56:44
            Start date:01/11/2024
            Path:C:\ProgramData\Graphics\guifx.exe
            Wow64 process (32bit):true
            Commandline:"C:\ProgramData\Graphics\guifx.exe" /run
            Imagebase:0xf70000
            File size:80'316 bytes
            MD5 hash:A7D9795D178F27CA2CEBB45293CFE3B1
            Has elevated privileges:false
            Has administrator privileges:false
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            General

            Target ID:6
            Start time:10:56:55
            Start date:01/11/2024
            Path:C:\Windows\SysWOW64\cmd.exe
            Wow64 process (32bit):true
            Commandline:"C:\windows\system32\cmd.exe" /c del /q "C:\Users\user\Desktop\7rtK9LWbTc.exe" >> NUL
            Imagebase:0xb80000
            File size:236'544 bytes
            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            General

            Target ID:7
            Start time:10:56:55
            Start date:01/11/2024
            Path:C:\Windows\System32\conhost.exe
            Wow64 process (32bit):false
            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Imagebase:0x7ff720030000
            File size:873'472 bytes
            MD5 hash:7366FBEFE66BA0F1F5304F7D6FEF09FE
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:moderate
            Has exited:true

            Disassembly

            Reset < >

              Execution Graph

              Execution Coverage:4.6%
              Dynamic/Decrypted Code Coverage:0%
              Signature Coverage:9.1%
              Total number of Nodes:1838
              Total number of Limit Nodes:5
              execution_graph 7327 bc6c9c 7330 bc6c8c 7327->7330 7329 bc6ca9 ctype 7333 bc9f6e 7330->7333 7332 bc6c9a 7332->7329 7334 bc9f7a __freefls@4 7333->7334 7335 bc8a6f __lock 64 API calls 7334->7335 7336 bc9f81 7335->7336 7338 bc9fb1 7336->7338 7341 bc9fba 7336->7341 7342 bc2dcc _free 64 API calls 7336->7342 7339 bc2dcc _free 64 API calls 7338->7339 7339->7341 7340 bc9fcb __freefls@4 7340->7332 7343 bc9fd5 7341->7343 7342->7338 7346 bc8996 LeaveCriticalSection 7343->7346 7345 bc9fdc 7345->7340 7346->7345 7347 bc1d9e 7348 bc1dc0 7347->7348 7349 bc1ef5 7348->7349 7350 bc1ded GetTempPathA SetCurrentDirectoryA DeleteUrlCacheEntry CreateFileA 7348->7350 7351 bc2d39 __write_nolock 5 API calls 7349->7351 7350->7349 7354 bc1e3a _memset 7350->7354 7352 bc1f04 7351->7352 7353 bc1ea1 WriteFile 7353->7354 7354->7349 7354->7353 7355 bc1edc CloseHandle 7354->7355 7355->7349 7408 bc9f5e IsProcessorFeaturePresent 7393 bc367f 7396 bc788f 7393->7396 7395 bc3684 7395->7395 7397 bc78b4 7396->7397 7398 bc78c1 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 7396->7398 7397->7398 7399 bc78b8 7397->7399 7398->7399 7399->7395 7409 bc56df TlsAlloc 7357 bc1899 7358 bc18a0 7357->7358 7359 bc1944 7358->7359 7360 bc2d48 100 API calls _sprintf 7358->7360 7361 bc2dcc _free 64 API calls 7359->7361 7360->7358 7362 bc1950 7361->7362 7363 bc2d39 __write_nolock 5 API calls 7362->7363 7364 bc1994 7363->7364 7413 bc3655 7414 bc366a 7413->7414 7415 bc3664 7413->7415 7419 bc4a47 7414->7419 7417 bc4a22 __amsg_exit 64 API calls 7415->7417 7417->7414 7418 bc366f __freefls@4 7420 bc48cc _doexit 64 API calls 7419->7420 7421 bc4a52 7420->7421 7421->7418 7365 bc8317 7366 bc8324 7365->7366 7367 bc8554 __calloc_crt 64 API calls 7366->7367 7368 bc833e 7367->7368 7369 bc8554 __calloc_crt 64 API calls 7368->7369 7370 bc8357 7368->7370 7369->7370 7371 bca110 7372 bca130 @_EH4_CallFilterFunc@8 7371->7372 7373 bca122 7371->7373 7374 bc2d39 __write_nolock 5 API calls 7373->7374 7374->7372 7422 bcae50 RtlUnwind 5497 bc3512 5537 bc76a0 5497->5537 5499 bc351e GetStartupInfoW 5500 bc3532 HeapSetInformation 5499->5500 5503 bc353d 5499->5503 5500->5503 5502 bc358b 5504 bc3596 5502->5504 5652 bc34e9 5502->5652 5538 bc476b HeapCreate 5503->5538 5539 bc59cf GetModuleHandleW 5504->5539 5507 bc359c 5508 bc35a7 __RTC_Initialize 5507->5508 5509 bc34e9 _fast_error_exit 64 API calls 5507->5509 5564 bc7404 GetStartupInfoW 5508->5564 5509->5508 5512 bc35c1 GetCommandLineA 5577 bc736d GetEnvironmentStringsW 5512->5577 5519 bc35e6 5603 bc703c 5519->5603 5520 bc4a56 __amsg_exit 64 API calls 5520->5519 5522 bc35ec 5523 bc35f7 5522->5523 5525 bc4a56 __amsg_exit 64 API calls 5522->5525 5623 bc4835 5523->5623 5525->5523 5526 bc35ff 5527 bc360a 5526->5527 5528 bc4a56 __amsg_exit 64 API calls 5526->5528 5629 bc6fdd 5527->5629 5528->5527 5533 bc363a 5670 bc4a38 5533->5670 5536 bc363f __freefls@4 5537->5499 5538->5502 5540 bc59ec GetProcAddress GetProcAddress GetProcAddress GetProcAddress 5539->5540 5541 bc59e3 5539->5541 5543 bc5a36 TlsAlloc 5540->5543 5673 bc571c 5541->5673 5546 bc5a84 TlsSetValue 5543->5546 5547 bc5b45 5543->5547 5546->5547 5548 bc5a95 5546->5548 5547->5507 5683 bc47de 5548->5683 5553 bc5add DecodePointer 5556 bc5af2 5553->5556 5554 bc5b40 5555 bc571c __mtterm 68 API calls 5554->5555 5555->5547 5556->5554 5692 bc8554 5556->5692 5559 bc5b10 DecodePointer 5560 bc5b21 5559->5560 5560->5554 5561 bc5b25 5560->5561 5698 bc5759 5561->5698 5563 bc5b2d GetCurrentThreadId 5563->5547 5565 bc8554 __calloc_crt 64 API calls 5564->5565 5574 bc7422 5565->5574 5566 bc75cd GetStdHandle 5571 bc7597 5566->5571 5567 bc8554 __calloc_crt 64 API calls 5567->5574 5568 bc7631 SetHandleCount 5576 bc35b5 5568->5576 5569 bc7517 5569->5571 5572 bc754e InitializeCriticalSectionAndSpinCount 5569->5572 5573 bc7543 GetFileType 5569->5573 5570 bc75df GetFileType 5570->5571 5571->5566 5571->5568 5571->5570 5575 bc7605 InitializeCriticalSectionAndSpinCount 5571->5575 5572->5569 5572->5576 5573->5569 5573->5572 5574->5567 5574->5569 5574->5571 5574->5576 5575->5571 5575->5576 5576->5512 5660 bc4a56 5576->5660 5578 bc7389 WideCharToMultiByte 5577->5578 5579 bc35d1 5577->5579 5581 bc73be 5578->5581 5582 bc73f6 FreeEnvironmentStringsW 5578->5582 5590 bc72b2 5579->5590 5583 bc850f __malloc_crt 64 API calls 5581->5583 5582->5579 5584 bc73c4 5583->5584 5584->5582 5585 bc73cc WideCharToMultiByte 5584->5585 5586 bc73de 5585->5586 5587 bc73ea FreeEnvironmentStringsW 5585->5587 5588 bc2dcc _free 64 API calls 5586->5588 5587->5579 5589 bc73e6 5588->5589 5589->5587 5591 bc72cc GetModuleFileNameA 5590->5591 5592 bc72c7 5590->5592 5594 bc72f3 5591->5594 5943 bc537f 5592->5943 5937 bc7118 5594->5937 5597 bc35db 5597->5519 5597->5520 5598 bc732f 5599 bc850f __malloc_crt 64 API calls 5598->5599 5600 bc7335 5599->5600 5600->5597 5601 bc7118 _parse_cmdline 74 API calls 5600->5601 5602 bc734f 5601->5602 5602->5597 5604 bc7045 5603->5604 5607 bc704a _strlen 5603->5607 5605 bc537f ___initmbctable 92 API calls 5604->5605 5605->5607 5606 bc8554 __calloc_crt 64 API calls 5613 bc707f _strlen 5606->5613 5607->5606 5610 bc7058 5607->5610 5608 bc70ce 5609 bc2dcc _free 64 API calls 5608->5609 5609->5610 5610->5522 5611 bc8554 __calloc_crt 64 API calls 5611->5613 5612 bc70f4 5614 bc2dcc _free 64 API calls 5612->5614 5613->5608 5613->5610 5613->5611 5613->5612 5616 bc710b 5613->5616 6384 bc992b 5613->6384 5614->5610 5617 bc467e __invoke_watson 10 API calls 5616->5617 5618 bc7117 5617->5618 5619 bca064 _parse_cmdline 74 API calls 5618->5619 5621 bc71a4 5618->5621 5619->5618 5620 bc72a2 5620->5522 5621->5620 5622 bca064 74 API calls _parse_cmdline 5621->5622 5622->5621 5624 bc4843 __IsNonwritableInCurrentImage 5623->5624 6393 bc84ec 5624->6393 5626 bc4861 __initterm_e 5628 bc4882 __IsNonwritableInCurrentImage 5626->5628 6396 bc6de0 5626->6396 5628->5526 5630 bc6feb 5629->5630 5632 bc6ff0 5629->5632 5631 bc537f ___initmbctable 92 API calls 5630->5631 5631->5632 5633 bca064 _parse_cmdline 74 API calls 5632->5633 5634 bc3610 5632->5634 5633->5632 5635 bc2c50 GetCommandLineA 5634->5635 6461 bc1ca0 lstrlenA GlobalAlloc 5635->6461 5640 bc2c9c wsprintfA 6469 bc2a50 GetModuleFileNameA lstrcpyA 5640->6469 5641 bc2cff OpenMutexA 5642 bc2cf7 ExitProcess 5641->5642 5643 bc2d17 CreateMutexA 5641->5643 6492 bc27e0 WSAStartup 5643->6492 5647 bc2cde ShellExecuteA 5647->5642 5649 bc2cd1 5649->5647 5649->5649 5650 bc2d39 __write_nolock 5 API calls 5651 bc2d33 5650->5651 5651->5533 5667 bc4a0c 5651->5667 5653 bc34fc 5652->5653 5654 bc34f7 5652->5654 5656 bc4a9a __NMSG_WRITE 64 API calls 5653->5656 5655 bc4c49 __FF_MSGBANNER 64 API calls 5654->5655 5655->5653 5657 bc3504 5656->5657 5658 bc47b4 _doexit 3 API calls 5657->5658 5659 bc350e 5658->5659 5659->5504 5661 bc4c49 __FF_MSGBANNER 64 API calls 5660->5661 5662 bc4a60 5661->5662 5663 bc4a9a __NMSG_WRITE 64 API calls 5662->5663 5664 bc4a68 5663->5664 7246 bc4a22 5664->7246 5668 bc48cc _doexit 64 API calls 5667->5668 5669 bc4a1d 5668->5669 5669->5533 5671 bc48cc _doexit 64 API calls 5670->5671 5672 bc4a43 5671->5672 5672->5536 5674 bc5726 DecodePointer 5673->5674 5676 bc5735 5673->5676 5674->5676 5675 bc5746 TlsFree 5680 bc5754 5675->5680 5676->5675 5676->5680 5677 bc895b DeleteCriticalSection 5711 bc2dcc 5677->5711 5678 bc8973 5681 bc8985 DeleteCriticalSection 5678->5681 5682 bc59e8 5678->5682 5680->5677 5680->5678 5681->5678 5682->5507 5737 bc56d6 EncodePointer 5683->5737 5685 bc47e6 __init_pointers __initp_misc_winsig 5738 bc8adb EncodePointer 5685->5738 5687 bc480c EncodePointer EncodePointer EncodePointer EncodePointer 5688 bc88f5 5687->5688 5689 bc8900 5688->5689 5690 bc890a InitializeCriticalSectionAndSpinCount 5689->5690 5691 bc5ad9 5689->5691 5690->5689 5690->5691 5691->5553 5691->5554 5695 bc855d 5692->5695 5694 bc5b08 5694->5554 5694->5559 5695->5694 5696 bc857b Sleep 5695->5696 5739 bca763 5695->5739 5697 bc8590 5696->5697 5697->5694 5697->5695 5749 bc76a0 5698->5749 5700 bc5765 GetModuleHandleW 5750 bc8a6f 5700->5750 5702 bc57a3 InterlockedIncrement 5757 bc57fb 5702->5757 5705 bc8a6f __lock 62 API calls 5706 bc57c4 5705->5706 5760 bc539d InterlockedIncrement 5706->5760 5708 bc57e2 5772 bc5804 5708->5772 5710 bc57ef __freefls@4 5710->5563 5712 bc2e00 _free 5711->5712 5713 bc2dd7 HeapFree 5711->5713 5712->5680 5713->5712 5714 bc2dec 5713->5714 5717 bc4722 5714->5717 5720 bc580d GetLastError 5717->5720 5719 bc2df2 GetLastError 5719->5712 5734 bc56e8 TlsGetValue 5720->5734 5723 bc587a SetLastError 5723->5719 5724 bc8554 __calloc_crt 60 API calls 5725 bc5838 5724->5725 5725->5723 5726 bc5840 DecodePointer 5725->5726 5727 bc5855 5726->5727 5728 bc5859 5727->5728 5729 bc5871 5727->5729 5731 bc5759 __getptd_noexit 60 API calls 5728->5731 5730 bc2dcc _free 60 API calls 5729->5730 5732 bc5877 5730->5732 5733 bc5861 GetCurrentThreadId 5731->5733 5732->5723 5733->5723 5735 bc56fd DecodePointer TlsSetValue 5734->5735 5736 bc5718 5734->5736 5735->5736 5736->5723 5736->5724 5737->5685 5738->5687 5740 bca76f 5739->5740 5743 bca78a 5739->5743 5741 bca77b 5740->5741 5740->5743 5742 bc4722 __write_nolock 64 API calls 5741->5742 5744 bca780 5742->5744 5746 bca7c4 5743->5746 5747 bc4c91 DecodePointer 5743->5747 5744->5695 5746->5695 5748 bc4ca6 5747->5748 5748->5743 5749->5700 5751 bc8a84 5750->5751 5752 bc8a97 EnterCriticalSection 5750->5752 5775 bc89ad 5751->5775 5752->5702 5754 bc8a8a 5754->5752 5755 bc4a56 __amsg_exit 63 API calls 5754->5755 5756 bc8a96 5755->5756 5756->5752 5935 bc8996 LeaveCriticalSection 5757->5935 5759 bc57bd 5759->5705 5761 bc53be 5760->5761 5762 bc53bb InterlockedIncrement 5760->5762 5763 bc53c8 InterlockedIncrement 5761->5763 5764 bc53cb 5761->5764 5762->5761 5763->5764 5765 bc53d8 5764->5765 5766 bc53d5 InterlockedIncrement 5764->5766 5767 bc53e2 InterlockedIncrement 5765->5767 5769 bc53e5 5765->5769 5766->5765 5767->5769 5768 bc53fe InterlockedIncrement 5768->5769 5769->5768 5770 bc5419 InterlockedIncrement 5769->5770 5771 bc540e InterlockedIncrement 5769->5771 5770->5708 5771->5769 5936 bc8996 LeaveCriticalSection 5772->5936 5774 bc580b 5774->5710 5776 bc89b9 __freefls@4 5775->5776 5788 bc89df 5776->5788 5800 bc4c49 5776->5800 5783 bc8a10 5787 bc8a6f __lock 63 API calls 5783->5787 5784 bc8a01 5786 bc4722 __write_nolock 63 API calls 5784->5786 5789 bc89ef __freefls@4 5786->5789 5790 bc8a17 5787->5790 5788->5789 5836 bc850f 5788->5836 5789->5754 5791 bc8a1f InitializeCriticalSectionAndSpinCount 5790->5791 5792 bc8a4a 5790->5792 5793 bc8a2f 5791->5793 5794 bc8a3b 5791->5794 5795 bc2dcc _free 63 API calls 5792->5795 5796 bc2dcc _free 63 API calls 5793->5796 5841 bc8a66 5794->5841 5795->5794 5797 bc8a35 5796->5797 5799 bc4722 __write_nolock 63 API calls 5797->5799 5799->5794 5844 bc9188 5800->5844 5802 bc4c50 5803 bc4c5d 5802->5803 5805 bc9188 __NMSG_WRITE 64 API calls 5802->5805 5804 bc4a9a __NMSG_WRITE 64 API calls 5803->5804 5808 bc4c7f 5803->5808 5806 bc4c75 5804->5806 5805->5803 5807 bc4a9a __NMSG_WRITE 64 API calls 5806->5807 5807->5808 5809 bc4a9a 5808->5809 5810 bc4abb __NMSG_WRITE 5809->5810 5812 bc9188 __NMSG_WRITE 61 API calls 5810->5812 5832 bc4bd7 5810->5832 5814 bc4ad5 5812->5814 5813 bc4c47 5833 bc47b4 5813->5833 5815 bc4be6 GetStdHandle 5814->5815 5816 bc9188 __NMSG_WRITE 61 API calls 5814->5816 5819 bc4bf4 _strlen 5815->5819 5815->5832 5817 bc4ae6 5816->5817 5817->5815 5818 bc4af8 5817->5818 5818->5832 5869 bc9125 5818->5869 5822 bc4c2a WriteFile 5819->5822 5819->5832 5822->5832 5823 bc4b24 GetModuleFileNameW 5824 bc4b45 5823->5824 5827 bc4b51 _wcslen 5823->5827 5825 bc9125 __NMSG_WRITE 61 API calls 5824->5825 5825->5827 5826 bc467e __invoke_watson 10 API calls 5826->5827 5827->5826 5829 bc8fc8 61 API calls __NMSG_WRITE 5827->5829 5830 bc4bc7 5827->5830 5878 bc903d 5827->5878 5829->5827 5887 bc8e5c 5830->5887 5905 bc2d39 5832->5905 5915 bc4789 GetModuleHandleW 5833->5915 5840 bc8518 5836->5840 5838 bc854e 5838->5783 5838->5784 5839 bc852f Sleep 5839->5840 5840->5838 5840->5839 5918 bc2e06 5840->5918 5934 bc8996 LeaveCriticalSection 5841->5934 5843 bc8a6d 5843->5789 5845 bc9194 5844->5845 5846 bc919e 5845->5846 5847 bc4722 __write_nolock 64 API calls 5845->5847 5846->5802 5848 bc91b7 5847->5848 5851 bc46d0 5848->5851 5854 bc46a3 DecodePointer 5851->5854 5855 bc46b8 5854->5855 5860 bc467e 5855->5860 5857 bc46cf 5858 bc46a3 __write_nolock 10 API calls 5857->5858 5859 bc46dc 5858->5859 5859->5802 5863 bc4555 5860->5863 5864 bc4574 _memset __call_reportfault 5863->5864 5865 bc4592 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 5864->5865 5866 bc4660 __call_reportfault 5865->5866 5867 bc2d39 __write_nolock 5 API calls 5866->5867 5868 bc467c GetCurrentProcess TerminateProcess 5867->5868 5868->5857 5870 bc913a 5869->5870 5871 bc9133 5869->5871 5872 bc4722 __write_nolock 64 API calls 5870->5872 5871->5870 5876 bc915b 5871->5876 5873 bc913f 5872->5873 5874 bc46d0 __write_nolock 11 API calls 5873->5874 5875 bc4b19 5874->5875 5875->5823 5875->5827 5876->5875 5877 bc4722 __write_nolock 64 API calls 5876->5877 5877->5873 5879 bc904f 5878->5879 5881 bc9058 5879->5881 5883 bc9053 5879->5883 5885 bc9096 5879->5885 5880 bc4722 __write_nolock 64 API calls 5882 bc906f 5880->5882 5881->5827 5884 bc46d0 __write_nolock 11 API calls 5882->5884 5883->5880 5883->5881 5884->5881 5885->5881 5886 bc4722 __write_nolock 64 API calls 5885->5886 5886->5882 5913 bc56d6 EncodePointer 5887->5913 5889 bc8e82 5890 bc8f0f 5889->5890 5891 bc8e92 LoadLibraryW 5889->5891 5892 bc8f3c 5890->5892 5895 bc8f29 DecodePointer DecodePointer 5890->5895 5893 bc8fa7 5891->5893 5894 bc8ea7 GetProcAddress 5891->5894 5896 bc8f9b DecodePointer 5892->5896 5897 bc8f72 DecodePointer 5892->5897 5904 bc8f5f 5892->5904 5899 bc2d39 __write_nolock 5 API calls 5893->5899 5894->5893 5898 bc8ebd 7 API calls 5894->5898 5895->5892 5896->5893 5897->5896 5900 bc8f79 5897->5900 5898->5890 5901 bc8eff GetProcAddress EncodePointer 5898->5901 5902 bc8fc6 5899->5902 5900->5896 5903 bc8f8c DecodePointer 5900->5903 5901->5890 5902->5832 5903->5896 5903->5904 5904->5896 5906 bc2d41 5905->5906 5907 bc2d43 IsDebuggerPresent 5905->5907 5906->5813 5914 bc792a 5907->5914 5910 bc3756 SetUnhandledExceptionFilter UnhandledExceptionFilter 5911 bc377b GetCurrentProcess TerminateProcess 5910->5911 5912 bc3773 __call_reportfault 5910->5912 5911->5813 5912->5911 5913->5889 5914->5910 5916 bc479d GetProcAddress 5915->5916 5917 bc47ad ExitProcess 5915->5917 5916->5917 5919 bc2e14 5918->5919 5920 bc2e83 5918->5920 5923 bc2e1f 5919->5923 5928 bc2e6f 5919->5928 5930 bc4c91 _malloc DecodePointer 5919->5930 5931 bc2e6d 5919->5931 5933 bc2e7b 5919->5933 5921 bc4c91 _malloc DecodePointer 5920->5921 5922 bc2e89 5921->5922 5925 bc4722 __write_nolock 64 API calls 5922->5925 5923->5919 5924 bc4c49 __FF_MSGBANNER 64 API calls 5923->5924 5926 bc4a9a __NMSG_WRITE 64 API calls 5923->5926 5927 bc47b4 _doexit 3 API calls 5923->5927 5924->5923 5925->5933 5926->5923 5927->5923 5929 bc4722 __write_nolock 64 API calls 5928->5929 5929->5931 5930->5919 5932 bc4722 __write_nolock 64 API calls 5931->5932 5932->5933 5933->5840 5934->5843 5935->5759 5936->5774 5938 bc7137 5937->5938 5942 bc71a4 5938->5942 5947 bca064 5938->5947 5940 bc72a2 5940->5597 5940->5598 5941 bca064 74 API calls _parse_cmdline 5941->5942 5942->5940 5942->5941 5944 bc5388 5943->5944 5945 bc538f 5943->5945 6271 bc51e5 5944->6271 5945->5591 5950 bca011 5947->5950 5953 bc2e9a 5950->5953 5954 bc2ead 5953->5954 5957 bc2efa 5953->5957 5961 bc5886 5954->5961 5957->5938 5958 bc2eda 5958->5957 5981 bc4edc 5958->5981 5962 bc580d __getptd_noexit 64 API calls 5961->5962 5963 bc588e 5962->5963 5964 bc2eb2 5963->5964 5965 bc4a56 __amsg_exit 64 API calls 5963->5965 5964->5958 5966 bc565d 5964->5966 5965->5964 5967 bc5669 __freefls@4 5966->5967 5968 bc5886 __getptd 64 API calls 5967->5968 5969 bc566e 5968->5969 5970 bc569c 5969->5970 5971 bc5680 5969->5971 5972 bc8a6f __lock 64 API calls 5970->5972 5974 bc5886 __getptd 64 API calls 5971->5974 5973 bc56a3 5972->5973 5997 bc5610 5973->5997 5976 bc5685 5974->5976 5979 bc5693 __freefls@4 5976->5979 5980 bc4a56 __amsg_exit 64 API calls 5976->5980 5979->5958 5980->5979 5982 bc4ee8 __freefls@4 5981->5982 5983 bc5886 __getptd 64 API calls 5982->5983 5984 bc4eed 5983->5984 5985 bc8a6f __lock 64 API calls 5984->5985 5993 bc4eff 5984->5993 5986 bc4f1d 5985->5986 5987 bc4f66 5986->5987 5991 bc4f4e InterlockedIncrement 5986->5991 5992 bc4f34 InterlockedDecrement 5986->5992 6267 bc4f77 5987->6267 5988 bc4a56 __amsg_exit 64 API calls 5990 bc4f0d __freefls@4 5988->5990 5990->5957 5991->5987 5992->5991 5994 bc4f3f 5992->5994 5993->5988 5993->5990 5994->5991 5995 bc2dcc _free 64 API calls 5994->5995 5996 bc4f4d 5995->5996 5996->5991 5998 bc561d 5997->5998 5999 bc5652 5997->5999 5998->5999 6000 bc539d ___addlocaleref 8 API calls 5998->6000 6005 bc56ca 5999->6005 6001 bc5633 6000->6001 6001->5999 6008 bc542c 6001->6008 6266 bc8996 LeaveCriticalSection 6005->6266 6007 bc56d1 6007->5976 6009 bc543d InterlockedDecrement 6008->6009 6010 bc54c0 6008->6010 6011 bc5455 6009->6011 6012 bc5452 InterlockedDecrement 6009->6012 6010->5999 6022 bc54c5 6010->6022 6013 bc545f InterlockedDecrement 6011->6013 6014 bc5462 6011->6014 6012->6011 6013->6014 6015 bc546c InterlockedDecrement 6014->6015 6016 bc546f 6014->6016 6015->6016 6017 bc5479 InterlockedDecrement 6016->6017 6019 bc547c 6016->6019 6017->6019 6018 bc5495 InterlockedDecrement 6018->6019 6019->6018 6020 bc54b0 InterlockedDecrement 6019->6020 6021 bc54a5 InterlockedDecrement 6019->6021 6020->6010 6021->6019 6023 bc5549 6022->6023 6025 bc54dc 6022->6025 6024 bc2dcc _free 64 API calls 6023->6024 6026 bc5596 6023->6026 6027 bc556a 6024->6027 6025->6023 6028 bc5510 6025->6028 6035 bc2dcc _free 64 API calls 6025->6035 6039 bc55bf 6026->6039 6092 bc92ee 6026->6092 6030 bc2dcc _free 64 API calls 6027->6030 6038 bc2dcc _free 64 API calls 6028->6038 6051 bc5531 6028->6051 6032 bc557d 6030->6032 6037 bc2dcc _free 64 API calls 6032->6037 6033 bc2dcc _free 64 API calls 6040 bc553e 6033->6040 6034 bc5604 6041 bc2dcc _free 64 API calls 6034->6041 6042 bc5505 6035->6042 6036 bc2dcc _free 64 API calls 6036->6039 6045 bc558b 6037->6045 6046 bc5526 6038->6046 6039->6034 6047 bc2dcc 64 API calls _free 6039->6047 6048 bc2dcc _free 64 API calls 6040->6048 6043 bc560a 6041->6043 6052 bc96ce 6042->6052 6043->5999 6049 bc2dcc _free 64 API calls 6045->6049 6080 bc9665 6046->6080 6047->6039 6048->6023 6049->6026 6051->6033 6053 bc96df 6052->6053 6079 bc97c8 6052->6079 6054 bc96f0 6053->6054 6055 bc2dcc _free 64 API calls 6053->6055 6056 bc9702 6054->6056 6057 bc2dcc _free 64 API calls 6054->6057 6055->6054 6058 bc9714 6056->6058 6059 bc2dcc _free 64 API calls 6056->6059 6057->6056 6060 bc9726 6058->6060 6062 bc2dcc _free 64 API calls 6058->6062 6059->6058 6061 bc9738 6060->6061 6063 bc2dcc _free 64 API calls 6060->6063 6064 bc974a 6061->6064 6065 bc2dcc _free 64 API calls 6061->6065 6062->6060 6063->6061 6066 bc975c 6064->6066 6067 bc2dcc _free 64 API calls 6064->6067 6065->6064 6068 bc976e 6066->6068 6070 bc2dcc _free 64 API calls 6066->6070 6067->6066 6069 bc9780 6068->6069 6071 bc2dcc _free 64 API calls 6068->6071 6072 bc9792 6069->6072 6073 bc2dcc _free 64 API calls 6069->6073 6070->6068 6071->6069 6074 bc2dcc _free 64 API calls 6072->6074 6076 bc97a4 6072->6076 6073->6072 6074->6076 6075 bc97b6 6078 bc2dcc _free 64 API calls 6075->6078 6075->6079 6076->6075 6077 bc2dcc _free 64 API calls 6076->6077 6077->6075 6078->6079 6079->6028 6081 bc96ca 6080->6081 6082 bc9672 6080->6082 6081->6051 6083 bc9682 6082->6083 6084 bc2dcc _free 64 API calls 6082->6084 6085 bc9694 6083->6085 6086 bc2dcc _free 64 API calls 6083->6086 6084->6083 6087 bc96a6 6085->6087 6089 bc2dcc _free 64 API calls 6085->6089 6086->6085 6088 bc96b8 6087->6088 6090 bc2dcc _free 64 API calls 6087->6090 6088->6081 6091 bc2dcc _free 64 API calls 6088->6091 6089->6087 6090->6088 6091->6081 6093 bc92ff 6092->6093 6094 bc55b4 6092->6094 6095 bc2dcc _free 64 API calls 6093->6095 6094->6036 6096 bc9307 6095->6096 6097 bc2dcc _free 64 API calls 6096->6097 6098 bc930f 6097->6098 6099 bc2dcc _free 64 API calls 6098->6099 6100 bc9317 6099->6100 6101 bc2dcc _free 64 API calls 6100->6101 6102 bc931f 6101->6102 6103 bc2dcc _free 64 API calls 6102->6103 6104 bc9327 6103->6104 6105 bc2dcc _free 64 API calls 6104->6105 6106 bc932f 6105->6106 6107 bc2dcc _free 64 API calls 6106->6107 6108 bc9336 6107->6108 6109 bc2dcc _free 64 API calls 6108->6109 6110 bc933e 6109->6110 6111 bc2dcc _free 64 API calls 6110->6111 6112 bc9346 6111->6112 6113 bc2dcc _free 64 API calls 6112->6113 6114 bc934e 6113->6114 6115 bc2dcc _free 64 API calls 6114->6115 6116 bc9356 6115->6116 6117 bc2dcc _free 64 API calls 6116->6117 6118 bc935e 6117->6118 6119 bc2dcc _free 64 API calls 6118->6119 6120 bc9366 6119->6120 6121 bc2dcc _free 64 API calls 6120->6121 6122 bc936e 6121->6122 6123 bc2dcc _free 64 API calls 6122->6123 6124 bc9376 6123->6124 6125 bc2dcc _free 64 API calls 6124->6125 6126 bc937e 6125->6126 6127 bc2dcc _free 64 API calls 6126->6127 6128 bc9389 6127->6128 6129 bc2dcc _free 64 API calls 6128->6129 6130 bc9391 6129->6130 6131 bc2dcc _free 64 API calls 6130->6131 6132 bc9399 6131->6132 6133 bc2dcc _free 64 API calls 6132->6133 6134 bc93a1 6133->6134 6135 bc2dcc _free 64 API calls 6134->6135 6136 bc93a9 6135->6136 6137 bc2dcc _free 64 API calls 6136->6137 6138 bc93b1 6137->6138 6139 bc2dcc _free 64 API calls 6138->6139 6140 bc93b9 6139->6140 6141 bc2dcc _free 64 API calls 6140->6141 6142 bc93c1 6141->6142 6143 bc2dcc _free 64 API calls 6142->6143 6144 bc93c9 6143->6144 6145 bc2dcc _free 64 API calls 6144->6145 6146 bc93d1 6145->6146 6147 bc2dcc _free 64 API calls 6146->6147 6148 bc93d9 6147->6148 6149 bc2dcc _free 64 API calls 6148->6149 6150 bc93e1 6149->6150 6151 bc2dcc _free 64 API calls 6150->6151 6152 bc93e9 6151->6152 6153 bc2dcc _free 64 API calls 6152->6153 6154 bc93f1 6153->6154 6155 bc2dcc _free 64 API calls 6154->6155 6156 bc93f9 6155->6156 6157 bc2dcc _free 64 API calls 6156->6157 6158 bc9401 6157->6158 6159 bc2dcc _free 64 API calls 6158->6159 6160 bc940f 6159->6160 6161 bc2dcc _free 64 API calls 6160->6161 6162 bc941a 6161->6162 6163 bc2dcc _free 64 API calls 6162->6163 6164 bc9425 6163->6164 6165 bc2dcc _free 64 API calls 6164->6165 6166 bc9430 6165->6166 6167 bc2dcc _free 64 API calls 6166->6167 6168 bc943b 6167->6168 6169 bc2dcc _free 64 API calls 6168->6169 6170 bc9446 6169->6170 6171 bc2dcc _free 64 API calls 6170->6171 6172 bc9451 6171->6172 6173 bc2dcc _free 64 API calls 6172->6173 6174 bc945c 6173->6174 6175 bc2dcc _free 64 API calls 6174->6175 6176 bc9467 6175->6176 6177 bc2dcc _free 64 API calls 6176->6177 6178 bc9472 6177->6178 6179 bc2dcc _free 64 API calls 6178->6179 6180 bc947d 6179->6180 6181 bc2dcc _free 64 API calls 6180->6181 6182 bc9488 6181->6182 6183 bc2dcc _free 64 API calls 6182->6183 6184 bc9493 6183->6184 6185 bc2dcc _free 64 API calls 6184->6185 6186 bc949e 6185->6186 6187 bc2dcc _free 64 API calls 6186->6187 6188 bc94a9 6187->6188 6189 bc2dcc _free 64 API calls 6188->6189 6190 bc94b4 6189->6190 6191 bc2dcc _free 64 API calls 6190->6191 6192 bc94c2 6191->6192 6193 bc2dcc _free 64 API calls 6192->6193 6194 bc94cd 6193->6194 6195 bc2dcc _free 64 API calls 6194->6195 6196 bc94d8 6195->6196 6197 bc2dcc _free 64 API calls 6196->6197 6198 bc94e3 6197->6198 6199 bc2dcc _free 64 API calls 6198->6199 6200 bc94ee 6199->6200 6201 bc2dcc _free 64 API calls 6200->6201 6202 bc94f9 6201->6202 6203 bc2dcc _free 64 API calls 6202->6203 6204 bc9504 6203->6204 6205 bc2dcc _free 64 API calls 6204->6205 6206 bc950f 6205->6206 6207 bc2dcc _free 64 API calls 6206->6207 6208 bc951a 6207->6208 6209 bc2dcc _free 64 API calls 6208->6209 6210 bc9525 6209->6210 6211 bc2dcc _free 64 API calls 6210->6211 6212 bc9530 6211->6212 6213 bc2dcc _free 64 API calls 6212->6213 6214 bc953b 6213->6214 6215 bc2dcc _free 64 API calls 6214->6215 6216 bc9546 6215->6216 6217 bc2dcc _free 64 API calls 6216->6217 6218 bc9551 6217->6218 6219 bc2dcc _free 64 API calls 6218->6219 6220 bc955c 6219->6220 6221 bc2dcc _free 64 API calls 6220->6221 6222 bc9567 6221->6222 6223 bc2dcc _free 64 API calls 6222->6223 6224 bc9575 6223->6224 6225 bc2dcc _free 64 API calls 6224->6225 6226 bc9580 6225->6226 6227 bc2dcc _free 64 API calls 6226->6227 6228 bc958b 6227->6228 6229 bc2dcc _free 64 API calls 6228->6229 6230 bc9596 6229->6230 6231 bc2dcc _free 64 API calls 6230->6231 6232 bc95a1 6231->6232 6233 bc2dcc _free 64 API calls 6232->6233 6234 bc95ac 6233->6234 6235 bc2dcc _free 64 API calls 6234->6235 6236 bc95b7 6235->6236 6237 bc2dcc _free 64 API calls 6236->6237 6238 bc95c2 6237->6238 6239 bc2dcc _free 64 API calls 6238->6239 6240 bc95cd 6239->6240 6241 bc2dcc _free 64 API calls 6240->6241 6242 bc95d8 6241->6242 6243 bc2dcc _free 64 API calls 6242->6243 6244 bc95e3 6243->6244 6245 bc2dcc _free 64 API calls 6244->6245 6246 bc95ee 6245->6246 6247 bc2dcc _free 64 API calls 6246->6247 6248 bc95f9 6247->6248 6249 bc2dcc _free 64 API calls 6248->6249 6250 bc9604 6249->6250 6251 bc2dcc _free 64 API calls 6250->6251 6252 bc960f 6251->6252 6253 bc2dcc _free 64 API calls 6252->6253 6254 bc961a 6253->6254 6255 bc2dcc _free 64 API calls 6254->6255 6256 bc9628 6255->6256 6257 bc2dcc _free 64 API calls 6256->6257 6258 bc9633 6257->6258 6259 bc2dcc _free 64 API calls 6258->6259 6260 bc963e 6259->6260 6261 bc2dcc _free 64 API calls 6260->6261 6262 bc9649 6261->6262 6263 bc2dcc _free 64 API calls 6262->6263 6264 bc9654 6263->6264 6265 bc2dcc _free 64 API calls 6264->6265 6265->6094 6266->6007 6270 bc8996 LeaveCriticalSection 6267->6270 6269 bc4f7e 6269->5993 6270->6269 6272 bc51f1 __freefls@4 6271->6272 6273 bc5886 __getptd 64 API calls 6272->6273 6274 bc51fa 6273->6274 6275 bc4edc _LocaleUpdate::_LocaleUpdate 66 API calls 6274->6275 6276 bc5204 6275->6276 6302 bc4f80 6276->6302 6279 bc850f __malloc_crt 64 API calls 6280 bc5225 6279->6280 6281 bc5344 __freefls@4 6280->6281 6309 bc4ffc 6280->6309 6281->5945 6284 bc5255 InterlockedDecrement 6286 bc5265 6284->6286 6287 bc5276 InterlockedIncrement 6284->6287 6285 bc5351 6285->6281 6289 bc5364 6285->6289 6290 bc2dcc _free 64 API calls 6285->6290 6286->6287 6292 bc2dcc _free 64 API calls 6286->6292 6287->6281 6288 bc528c 6287->6288 6288->6281 6293 bc8a6f __lock 64 API calls 6288->6293 6291 bc4722 __write_nolock 64 API calls 6289->6291 6290->6289 6291->6281 6294 bc5275 6292->6294 6296 bc52a0 InterlockedDecrement 6293->6296 6294->6287 6297 bc532f InterlockedIncrement 6296->6297 6299 bc531c 6296->6299 6319 bc5346 6297->6319 6299->6297 6300 bc2dcc _free 64 API calls 6299->6300 6301 bc532e 6300->6301 6301->6297 6303 bc2e9a _LocaleUpdate::_LocaleUpdate 74 API calls 6302->6303 6304 bc4f94 6303->6304 6305 bc4fbd 6304->6305 6306 bc4f9f GetOEMCP 6304->6306 6307 bc4fc2 GetACP 6305->6307 6308 bc4faf 6305->6308 6306->6308 6307->6308 6308->6279 6308->6281 6310 bc4f80 getSystemCP 76 API calls 6309->6310 6312 bc501c 6310->6312 6311 bc5027 setSBCS 6314 bc2d39 __write_nolock 5 API calls 6311->6314 6312->6311 6313 bc5090 _memset __setmbcp_nolock 6312->6313 6315 bc506b IsValidCodePage 6312->6315 6322 bc4d4c GetCPInfo 6313->6322 6316 bc51e3 6314->6316 6315->6311 6317 bc507d GetCPInfo 6315->6317 6316->6284 6316->6285 6317->6311 6317->6313 6383 bc8996 LeaveCriticalSection 6319->6383 6321 bc534d 6321->6281 6323 bc4d80 _memset 6322->6323 6324 bc4e34 6322->6324 6332 bc92ae 6323->6332 6327 bc2d39 __write_nolock 5 API calls 6324->6327 6329 bc4eda 6327->6329 6329->6313 6331 bc5d51 ___crtLCMapStringA 80 API calls 6331->6324 6333 bc2e9a _LocaleUpdate::_LocaleUpdate 74 API calls 6332->6333 6334 bc92c1 6333->6334 6342 bc91c7 6334->6342 6337 bc5d51 6338 bc2e9a _LocaleUpdate::_LocaleUpdate 74 API calls 6337->6338 6339 bc5d64 6338->6339 6359 bc5b6a 6339->6359 6343 bc91e5 6342->6343 6344 bc91f0 MultiByteToWideChar 6342->6344 6343->6344 6346 bc921d 6344->6346 6354 bc9219 6344->6354 6345 bc2d39 __write_nolock 5 API calls 6347 bc4def 6345->6347 6348 bc2e06 _malloc 64 API calls 6346->6348 6350 bc9232 _memset __crtGetStringTypeA_stat 6346->6350 6347->6337 6348->6350 6349 bc926b MultiByteToWideChar 6351 bc9281 GetStringTypeW 6349->6351 6352 bc9292 6349->6352 6350->6349 6350->6354 6351->6352 6355 bc5b4a 6352->6355 6354->6345 6356 bc5b56 6355->6356 6358 bc5b67 6355->6358 6357 bc2dcc _free 64 API calls 6356->6357 6356->6358 6357->6358 6358->6354 6360 bc5b88 MultiByteToWideChar 6359->6360 6362 bc5be6 6360->6362 6366 bc5bed 6360->6366 6363 bc2d39 __write_nolock 5 API calls 6362->6363 6365 bc4e0f 6363->6365 6364 bc5c3a MultiByteToWideChar 6368 bc5d32 6364->6368 6369 bc5c53 LCMapStringW 6364->6369 6365->6331 6367 bc2e06 _malloc 64 API calls 6366->6367 6372 bc5c06 __crtGetStringTypeA_stat 6366->6372 6367->6372 6370 bc5b4a __freea 64 API calls 6368->6370 6369->6368 6371 bc5c72 6369->6371 6370->6362 6373 bc5c7c 6371->6373 6375 bc5ca5 6371->6375 6372->6362 6372->6364 6373->6368 6374 bc5c90 LCMapStringW 6373->6374 6374->6368 6377 bc5cc0 __crtGetStringTypeA_stat 6375->6377 6378 bc2e06 _malloc 64 API calls 6375->6378 6376 bc5cf4 LCMapStringW 6379 bc5d2c 6376->6379 6380 bc5d0a WideCharToMultiByte 6376->6380 6377->6368 6377->6376 6378->6377 6381 bc5b4a __freea 64 API calls 6379->6381 6380->6379 6381->6368 6383->6321 6385 bc9939 6384->6385 6386 bc9940 6384->6386 6385->6386 6389 bc995e 6385->6389 6387 bc4722 __write_nolock 64 API calls 6386->6387 6388 bc9945 6387->6388 6390 bc46d0 __write_nolock 11 API calls 6388->6390 6391 bc994f 6389->6391 6392 bc4722 __write_nolock 64 API calls 6389->6392 6390->6391 6391->5613 6392->6388 6394 bc84f2 EncodePointer 6393->6394 6394->6394 6395 bc850c 6394->6395 6395->5626 6399 bc6da4 6396->6399 6398 bc6ded 6398->5628 6400 bc6db0 __freefls@4 6399->6400 6407 bc47cc 6400->6407 6406 bc6dd1 __freefls@4 6406->6398 6408 bc8a6f __lock 64 API calls 6407->6408 6409 bc47d3 6408->6409 6410 bc6cbd DecodePointer DecodePointer 6409->6410 6411 bc6d6c 6410->6411 6412 bc6ceb 6410->6412 6421 bc6dda 6411->6421 6412->6411 6424 bc9fde 6412->6424 6414 bc6d4f EncodePointer EncodePointer 6414->6411 6415 bc6cfd 6415->6414 6416 bc6d21 6415->6416 6431 bc85a0 6415->6431 6416->6411 6418 bc85a0 __realloc_crt 68 API calls 6416->6418 6419 bc6d3d EncodePointer 6416->6419 6420 bc6d37 6418->6420 6419->6414 6420->6411 6420->6419 6457 bc47d5 6421->6457 6425 bc9ffe HeapSize 6424->6425 6426 bc9fe9 6424->6426 6425->6415 6427 bc4722 __write_nolock 64 API calls 6426->6427 6428 bc9fee 6427->6428 6429 bc46d0 __write_nolock 11 API calls 6428->6429 6430 bc9ff9 6429->6430 6430->6415 6432 bc85a9 6431->6432 6434 bc85e8 6432->6434 6435 bc85c9 Sleep 6432->6435 6436 bc306d 6432->6436 6434->6416 6435->6432 6437 bc3078 6436->6437 6438 bc3083 6436->6438 6440 bc2e06 _malloc 64 API calls 6437->6440 6439 bc308b 6438->6439 6449 bc3098 6438->6449 6441 bc2dcc _free 64 API calls 6439->6441 6442 bc3080 6440->6442 6456 bc3093 _free 6441->6456 6442->6432 6443 bc30d0 6445 bc4c91 _malloc DecodePointer 6443->6445 6444 bc30a0 HeapReAlloc 6444->6449 6444->6456 6446 bc30d6 6445->6446 6447 bc4722 __write_nolock 64 API calls 6446->6447 6447->6456 6448 bc3100 6451 bc4722 __write_nolock 64 API calls 6448->6451 6449->6443 6449->6444 6449->6448 6450 bc4c91 _malloc DecodePointer 6449->6450 6453 bc30e8 6449->6453 6450->6449 6452 bc3105 GetLastError 6451->6452 6452->6456 6454 bc4722 __write_nolock 64 API calls 6453->6454 6455 bc30ed GetLastError 6454->6455 6455->6456 6456->6432 6460 bc8996 LeaveCriticalSection 6457->6460 6459 bc47dc 6459->6406 6460->6459 6462 bc1cee 6461->6462 6463 bc2910 6462->6463 6465 bc298d StrStrA 6463->6465 6467 bc291e 6463->6467 6465->5640 6465->5641 6466 bc294b StrToIntA 6466->6467 6467->6465 6467->6466 6468 bc297b lstrcpyA 6467->6468 6506 bc3036 6467->6506 6468->6467 6470 bc2a9c CreateDirectoryA GetLastError CreateFileA 6469->6470 6471 bc2a8f 6469->6471 6472 bc2adc GetFileSize 6470->6472 6473 bc2c33 6470->6473 6471->6470 6532 bc3469 6472->6532 6475 bc2d39 __write_nolock 5 API calls 6473->6475 6477 bc2c42 lstrcpyA 6475->6477 6477->5647 6477->5649 6478 bc2b5e lstrcpyA 6481 bc2b8c wsprintfA CreateFileA 6478->6481 6482 bc2b7f 6478->6482 6479 bc2b14 6479->6478 6480 bc2b1c 6479->6480 6480->6481 6483 bc2b21 lstrcpyA 6480->6483 6481->6473 6484 bc2bce WriteFile GetTickCount WriteFile CloseHandle 6481->6484 6482->6481 6555 bc1000 6483->6555 6486 bc2c16 ctype 6484->6486 6544 bc29a0 lstrcpyA 6486->6544 6490 bc2b5c 6490->6481 6491 bc2c28 WinExec 6491->6473 6493 bc28ee 6492->6493 6501 bc281f 6492->6501 6494 bc2d39 __write_nolock 5 API calls 6493->6494 6495 bc28ff 6494->6495 6495->5650 6497 bc288b Sleep 6497->6501 6499 bc2873 Sleep 6499->6501 6501->6497 6501->6499 6579 bc1460 gethostbyname 6501->6579 6593 bc19a0 GetUserNameA 6501->6593 6610 bc1b60 6501->6610 6624 bc2750 6501->6624 6504 bc28dc Sleep 6504->6501 6505 bc28d5 closesocket 6505->6504 6507 bc3054 6506->6507 6508 bc3044 6506->6508 6510 bc2f21 6507->6510 6508->6467 6511 bc2e9a _LocaleUpdate::_LocaleUpdate 74 API calls 6510->6511 6512 bc2f36 6511->6512 6513 bc2f96 6512->6513 6515 bc2f42 6512->6515 6514 bc2fbb 6513->6514 6529 bc5d97 6513->6529 6517 bc4722 __write_nolock 64 API calls 6514->6517 6519 bc2fc1 6514->6519 6520 bc2f5a 6515->6520 6522 bc5de2 6515->6522 6517->6519 6521 bc5d51 ___crtLCMapStringA 80 API calls 6519->6521 6520->6508 6521->6520 6523 bc2e9a _LocaleUpdate::_LocaleUpdate 74 API calls 6522->6523 6524 bc5df6 6523->6524 6525 bc5d97 __isleadbyte_l 74 API calls 6524->6525 6528 bc5e03 6524->6528 6526 bc5e2b 6525->6526 6527 bc92ae ___crtGetStringTypeA 77 API calls 6526->6527 6527->6528 6528->6520 6530 bc2e9a _LocaleUpdate::_LocaleUpdate 74 API calls 6529->6530 6531 bc5daa 6530->6531 6531->6514 6534 bc3473 6532->6534 6533 bc2e06 _malloc 64 API calls 6533->6534 6534->6533 6535 bc2aee ReadFile CloseHandle 6534->6535 6536 bc4c91 _malloc DecodePointer 6534->6536 6539 bc348f std::exception::exception 6534->6539 6535->6478 6535->6479 6536->6534 6537 bc34cd 6557 bc6c67 6537->6557 6539->6537 6541 bc6de0 __cinit 74 API calls 6539->6541 6541->6537 6543 bc34e8 6545 bc29cd 6544->6545 6546 bc29da RegCreateKeyA 6544->6546 6545->6546 6547 bc2a3d 6546->6547 6548 bc29f2 lstrcpyA 6546->6548 6549 bc2d39 __write_nolock 5 API calls 6547->6549 6550 bc2a11 lstrlenA RegSetValueExA 6548->6550 6551 bc2a05 6548->6551 6554 bc2a4b 6549->6554 6552 bc2a30 6550->6552 6553 bc2a33 RegCloseKey 6550->6553 6551->6550 6551->6551 6552->6553 6553->6547 6554->6473 6554->6491 6556 bc1007 CreateDirectoryA lstrcpyA 6555->6556 6556->6490 6563 bc6c00 6557->6563 6560 bc6df7 6561 bc6e2c RaiseException 6560->6561 6562 bc6e20 6560->6562 6561->6543 6562->6561 6564 bc6c10 6563->6564 6568 bc34d7 6563->6568 6569 bc6be2 6564->6569 6568->6560 6570 bc6bed 6569->6570 6572 bc6bf5 6569->6572 6571 bc2dcc _free 64 API calls 6570->6571 6571->6572 6572->6568 6573 bc6ba2 6572->6573 6574 bc6bd5 6573->6574 6575 bc6bb0 _strlen 6573->6575 6574->6568 6576 bc2e06 _malloc 64 API calls 6575->6576 6577 bc6bc2 6576->6577 6577->6574 6578 bc992b _strcpy_s 64 API calls 6577->6578 6578->6574 6580 bc149a socket 6579->6580 6581 bc1482 WSAGetLastError 6579->6581 6583 bc14b3 htons connect 6580->6583 6588 bc1559 6580->6588 6582 bc2d39 __write_nolock 5 API calls 6581->6582 6585 bc1496 6582->6585 6586 bc150b setsockopt 6583->6586 6587 bc14f2 closesocket 6583->6587 6584 bc2d39 __write_nolock 5 API calls 6590 bc1567 6584->6590 6585->6501 6586->6588 6589 bc152a WSAIoctl 6586->6589 6591 bc2d39 __write_nolock 5 API calls 6587->6591 6588->6584 6589->6588 6590->6501 6592 bc1507 6591->6592 6592->6501 6631 bc1720 6593->6631 6595 bc19db 6642 bc1570 6595->6642 6600 bc1a37 gethostname 6601 bc1a4d gethostbyname 6600->6601 6602 bc1a67 WSACleanup 6600->6602 6601->6602 6603 bc1a5e 6601->6603 6602->6603 6665 bc17e0 GetComputerNameA 6603->6665 6605 bc1ab0 6684 bc12a0 6605->6684 6607 bc1ade 6608 bc2d39 __write_nolock 5 API calls 6607->6608 6609 bc1aed 6608->6609 6609->6501 6614 bc1b72 6610->6614 6611 bc1b80 recv 6611->6614 6612 bc1c8c 6615 bc2d39 __write_nolock 5 API calls 6612->6615 6613 bc1b9e WSAGetLastError 6613->6612 6613->6614 6614->6611 6614->6612 6614->6613 6616 bc1bba Sleep 6614->6616 6617 bc1c5e 6614->6617 6618 bc1bd3 GetProcessHeap 6614->6618 6623 bc1c73 GetProcessHeap HeapFree 6614->6623 6923 bc1b00 6614->6923 6619 bc1c9a 6615->6619 6616->6614 6620 bc2d39 __write_nolock 5 API calls 6617->6620 6618->6614 6619->6501 6621 bc1c6f 6620->6621 6621->6501 6623->6612 6625 bc27ae 6624->6625 6630 bc2764 6624->6630 6626 bc12a0 8 API calls 6625->6626 6628 bc27d2 recv 6626->6628 6627 bc2796 GetProcessHeap HeapFree 6627->6625 6627->6630 6628->6504 6628->6505 6630->6627 6929 bc22a0 6630->6929 6695 bc68f0 6631->6695 6634 bc1767 GetVersionExA 6635 bc178f wsprintfA 6634->6635 6636 bc177e 6634->6636 6640 bc2d39 __write_nolock 5 API calls 6635->6640 6637 bc2d39 __write_nolock 5 API calls 6636->6637 6639 bc178b 6637->6639 6639->6595 6641 bc17da 6640->6641 6641->6595 6643 bc15c9 _memset 6642->6643 6644 bc161d lstrcpyA 6643->6644 6645 bc1635 6644->6645 6646 bc164c RegOpenKeyExA 6645->6646 6647 bc170d 6645->6647 6646->6647 6650 bc1671 _memset 6646->6650 6648 bc2d39 __write_nolock 5 API calls 6647->6648 6649 bc171b 6648->6649 6654 bc2d48 6649->6654 6650->6650 6651 bc16b8 RegQueryValueExA 6650->6651 6653 bc1700 RegCloseKey 6650->6653 6651->6650 6652 bc16db lstrcatA lstrcatA 6651->6652 6652->6650 6653->6647 6655 bc2d7b 6654->6655 6656 bc2d66 6654->6656 6655->6656 6658 bc2d82 6655->6658 6657 bc4722 __write_nolock 64 API calls 6656->6657 6659 bc2d6b 6657->6659 6697 bc399a 6658->6697 6661 bc46d0 __write_nolock 11 API calls 6659->6661 6663 bc1a0d lstrlenA WSAStartup 6661->6663 6663->6600 6663->6603 6666 bc2e06 _malloc 64 API calls 6665->6666 6667 bc182c 6666->6667 6668 bc1845 GetAdaptersInfo 6667->6668 6669 bc1835 6667->6669 6671 bc306d __realloc_crt 67 API calls 6668->6671 6670 bc2d39 __write_nolock 5 API calls 6669->6670 6672 bc1841 6670->6672 6673 bc1863 GetAdaptersInfo 6671->6673 6672->6605 6674 bc187c 6673->6674 6679 bc188f 6673->6679 6675 bc2d39 __write_nolock 5 API calls 6674->6675 6677 bc188b 6675->6677 6676 bc1944 6678 bc2dcc _free 64 API calls 6676->6678 6677->6605 6680 bc1950 6678->6680 6679->6676 6679->6679 6681 bc2d48 100 API calls _sprintf 6679->6681 6682 bc2d39 __write_nolock 5 API calls 6680->6682 6681->6679 6683 bc1994 6682->6683 6683->6605 6690 bc12ad __write_nolock 6684->6690 6685 bc13e6 send 6685->6690 6686 bc142f 6688 bc2d39 __write_nolock 5 API calls 6686->6688 6687 bc1406 WSAGetLastError 6689 bc1443 6687->6689 6687->6690 6691 bc143f 6688->6691 6692 bc2d39 __write_nolock 5 API calls 6689->6692 6690->6685 6690->6686 6690->6687 6690->6689 6693 bc141a Sleep 6690->6693 6691->6607 6694 bc1452 6692->6694 6693->6690 6694->6607 6696 bc1747 GetVersionExA 6695->6696 6696->6634 6696->6635 6698 bc2e9a _LocaleUpdate::_LocaleUpdate 74 API calls 6697->6698 6699 bc3a01 6698->6699 6700 bc3a05 6699->6700 6714 bc3a3c __output_l __aulldvrm _strlen 6699->6714 6739 bc84c6 6699->6739 6701 bc4722 __write_nolock 64 API calls 6700->6701 6702 bc3a0a 6701->6702 6704 bc46d0 __write_nolock 11 API calls 6702->6704 6705 bc3a15 6704->6705 6706 bc2d39 __write_nolock 5 API calls 6705->6706 6707 bc2da8 6706->6707 6707->6663 6718 bc378f 6707->6718 6708 bc5d97 __isleadbyte_l 74 API calls 6708->6714 6709 bc2dcc _free 64 API calls 6709->6714 6710 bc4091 DecodePointer 6710->6714 6711 bc38f3 95 API calls _write_string 6711->6714 6712 bc8840 76 API calls __cftof 6712->6714 6713 bc850f __malloc_crt 64 API calls 6713->6714 6714->6700 6714->6705 6714->6708 6714->6709 6714->6710 6714->6711 6714->6712 6714->6713 6715 bc40fa DecodePointer 6714->6715 6716 bc411b DecodePointer 6714->6716 6717 bc3926 95 API calls _write_string 6714->6717 6715->6714 6716->6714 6717->6714 6719 bc84c6 __fflush_nolock 64 API calls 6718->6719 6720 bc379f 6719->6720 6721 bc37aa 6720->6721 6722 bc37c1 6720->6722 6723 bc4722 __write_nolock 64 API calls 6721->6723 6724 bc37c5 6722->6724 6729 bc37d2 __flsbuf 6722->6729 6733 bc37af 6723->6733 6725 bc4722 __write_nolock 64 API calls 6724->6725 6725->6733 6726 bc3833 6727 bc38c2 6726->6727 6728 bc3842 6726->6728 6730 bc819e __write 95 API calls 6727->6730 6731 bc3859 6728->6731 6735 bc3876 6728->6735 6729->6726 6729->6733 6736 bc3828 6729->6736 6746 bc82bb 6729->6746 6730->6733 6758 bc819e 6731->6758 6733->6663 6735->6733 6783 bc79b7 6735->6783 6736->6726 6755 bc8272 6736->6755 6740 bc84e7 6739->6740 6741 bc84d2 6739->6741 6740->6714 6742 bc4722 __write_nolock 64 API calls 6741->6742 6743 bc84d7 6742->6743 6744 bc46d0 __write_nolock 11 API calls 6743->6744 6745 bc84e2 6744->6745 6745->6714 6747 bc82c8 6746->6747 6748 bc82d7 6746->6748 6749 bc4722 __write_nolock 64 API calls 6747->6749 6750 bc82f5 6748->6750 6751 bc4722 __write_nolock 64 API calls 6748->6751 6752 bc82cd 6749->6752 6750->6736 6753 bc82e8 6751->6753 6752->6736 6754 bc46d0 __write_nolock 11 API calls 6753->6754 6754->6752 6756 bc850f __malloc_crt 64 API calls 6755->6756 6757 bc8287 6756->6757 6757->6726 6759 bc81aa __freefls@4 6758->6759 6760 bc81cd 6759->6760 6761 bc81b2 6759->6761 6763 bc81d9 6760->6763 6766 bc8213 6760->6766 6808 bc4735 6761->6808 6765 bc4735 __write_nolock 64 API calls 6763->6765 6768 bc81de 6765->6768 6811 bca2c1 6766->6811 6767 bc4722 __write_nolock 64 API calls 6776 bc81bf __freefls@4 6767->6776 6769 bc4722 __write_nolock 64 API calls 6768->6769 6771 bc81e6 6769->6771 6773 bc46d0 __write_nolock 11 API calls 6771->6773 6772 bc8219 6774 bc823b 6772->6774 6775 bc8227 6772->6775 6773->6776 6778 bc4722 __write_nolock 64 API calls 6774->6778 6821 bc7aa1 6775->6821 6776->6733 6780 bc8240 6778->6780 6779 bc8233 6880 bc826a 6779->6880 6781 bc4735 __write_nolock 64 API calls 6780->6781 6781->6779 6784 bc79c3 __freefls@4 6783->6784 6785 bc79d4 6784->6785 6786 bc79f0 6784->6786 6787 bc4735 __write_nolock 64 API calls 6785->6787 6788 bc79fc 6786->6788 6792 bc7a36 6786->6792 6790 bc79d9 6787->6790 6789 bc4735 __write_nolock 64 API calls 6788->6789 6791 bc7a01 6789->6791 6793 bc4722 __write_nolock 64 API calls 6790->6793 6794 bc4722 __write_nolock 64 API calls 6791->6794 6795 bca2c1 ___lock_fhandle 66 API calls 6792->6795 6801 bc79e1 __freefls@4 6793->6801 6796 bc7a09 6794->6796 6797 bc7a3c 6795->6797 6798 bc46d0 __write_nolock 11 API calls 6796->6798 6799 bc7a4a 6797->6799 6800 bc7a66 6797->6800 6798->6801 6802 bc7932 __lseeki64_nolock 66 API calls 6799->6802 6803 bc4722 __write_nolock 64 API calls 6800->6803 6801->6733 6805 bc7a5b 6802->6805 6804 bc7a6b 6803->6804 6806 bc4735 __write_nolock 64 API calls 6804->6806 6919 bc7a97 6805->6919 6806->6805 6809 bc580d __getptd_noexit 64 API calls 6808->6809 6810 bc473a 6809->6810 6810->6767 6812 bca2cd __freefls@4 6811->6812 6813 bca327 6812->6813 6814 bc8a6f __lock 64 API calls 6812->6814 6815 bca32c EnterCriticalSection 6813->6815 6816 bca349 __freefls@4 6813->6816 6817 bca2f9 6814->6817 6815->6816 6816->6772 6818 bca315 6817->6818 6819 bca302 InitializeCriticalSectionAndSpinCount 6817->6819 6883 bca357 6818->6883 6819->6818 6822 bc7ab0 __write_nolock 6821->6822 6823 bc7b05 6822->6823 6824 bc7ae6 6822->6824 6854 bc7adb 6822->6854 6827 bc7b61 6823->6827 6828 bc7b44 6823->6828 6825 bc4735 __write_nolock 64 API calls 6824->6825 6829 bc7aeb 6825->6829 6826 bc2d39 __write_nolock 5 API calls 6830 bc819c 6826->6830 6832 bc7b74 6827->6832 6887 bc7932 6827->6887 6831 bc4735 __write_nolock 64 API calls 6828->6831 6833 bc4722 __write_nolock 64 API calls 6829->6833 6830->6779 6834 bc7b49 6831->6834 6837 bc82bb __write_nolock 64 API calls 6832->6837 6836 bc7af2 6833->6836 6838 bc4722 __write_nolock 64 API calls 6834->6838 6839 bc46d0 __write_nolock 11 API calls 6836->6839 6840 bc7b7d 6837->6840 6842 bc7b51 6838->6842 6839->6854 6841 bc7e1f 6840->6841 6846 bc5886 __getptd 64 API calls 6840->6846 6844 bc7e2e 6841->6844 6845 bc80cf WriteFile 6841->6845 6843 bc46d0 __write_nolock 11 API calls 6842->6843 6843->6854 6847 bc7ee9 6844->6847 6856 bc7e41 6844->6856 6849 bc7e01 6845->6849 6850 bc8102 GetLastError 6845->6850 6848 bc7b98 GetConsoleMode 6846->6848 6864 bc7ef6 6847->6864 6870 bc7fc3 6847->6870 6848->6841 6852 bc7bc1 6848->6852 6851 bc814d 6849->6851 6849->6854 6858 bc8120 6849->6858 6850->6849 6851->6854 6857 bc4722 __write_nolock 64 API calls 6851->6857 6852->6841 6853 bc7bd1 GetConsoleCP 6852->6853 6853->6849 6875 bc7bf4 6853->6875 6854->6826 6855 bc7e8b WriteFile 6855->6850 6855->6856 6856->6849 6856->6851 6856->6855 6859 bc8170 6857->6859 6861 bc813f 6858->6861 6862 bc812b 6858->6862 6866 bc4735 __write_nolock 64 API calls 6859->6866 6860 bc8034 WideCharToMultiByte 6860->6850 6868 bc806b WriteFile 6860->6868 6900 bc4748 6861->6900 6867 bc4722 __write_nolock 64 API calls 6862->6867 6863 bc7f65 WriteFile 6863->6850 6863->6864 6864->6849 6864->6851 6864->6863 6866->6854 6869 bc8130 6867->6869 6868->6870 6871 bc80a2 GetLastError 6868->6871 6873 bc4735 __write_nolock 64 API calls 6869->6873 6870->6849 6870->6851 6870->6860 6870->6868 6871->6870 6873->6854 6874 bc7ca0 WideCharToMultiByte 6874->6849 6877 bc7cd1 WriteFile 6874->6877 6875->6849 6875->6850 6875->6874 6876 bca4df 76 API calls __fassign 6875->6876 6878 bca387 WriteConsoleW CreateFileW __write_nolock 6875->6878 6879 bc7d25 WriteFile 6875->6879 6897 bc5dcf 6875->6897 6876->6875 6877->6850 6877->6875 6878->6875 6879->6850 6879->6875 6918 bca360 LeaveCriticalSection 6880->6918 6882 bc8270 6882->6776 6886 bc8996 LeaveCriticalSection 6883->6886 6885 bca35e 6885->6813 6886->6885 6905 bca258 6887->6905 6889 bc7950 6890 bc7958 6889->6890 6891 bc7969 SetFilePointer 6889->6891 6893 bc4722 __write_nolock 64 API calls 6890->6893 6892 bc7981 GetLastError 6891->6892 6895 bc795d 6891->6895 6894 bc798b 6892->6894 6892->6895 6893->6895 6896 bc4748 __dosmaperr 64 API calls 6894->6896 6895->6832 6896->6895 6898 bc5d97 __isleadbyte_l 74 API calls 6897->6898 6899 bc5dde 6898->6899 6899->6875 6901 bc4735 __write_nolock 64 API calls 6900->6901 6902 bc4753 _free 6901->6902 6903 bc4722 __write_nolock 64 API calls 6902->6903 6904 bc4766 6903->6904 6904->6854 6906 bca27d 6905->6906 6907 bca265 6905->6907 6910 bc4735 __write_nolock 64 API calls 6906->6910 6912 bca2bc 6906->6912 6908 bc4735 __write_nolock 64 API calls 6907->6908 6909 bca26a 6908->6909 6913 bc4722 __write_nolock 64 API calls 6909->6913 6911 bca28e 6910->6911 6914 bc4722 __write_nolock 64 API calls 6911->6914 6912->6889 6917 bca272 6913->6917 6915 bca296 6914->6915 6916 bc46d0 __write_nolock 11 API calls 6915->6916 6916->6917 6917->6889 6918->6882 6922 bca360 LeaveCriticalSection 6919->6922 6921 bc7a9f 6921->6801 6922->6921 6925 bc1b50 6923->6925 6927 bc1b11 6923->6927 6924 bc1b17 recv 6924->6927 6925->6614 6926 bc1b30 WSAGetLastError 6926->6925 6926->6927 6927->6924 6927->6925 6927->6926 6928 bc1b44 Sleep 6927->6928 6928->6927 6932 bc22c4 _memset 6929->6932 6971 bc2730 6929->6971 6930 bc2d39 __write_nolock 5 API calls 6931 bc2740 6930->6931 6931->6630 6997 bc33c9 GetSystemTimeAsFileTime 6932->6997 6934 bc2305 6999 bc33a2 6934->6999 6936 bc2320 _memmove 6937 bc2336 lstrcpyA 6936->6937 6938 bc2360 wsprintfA 6937->6938 6939 bc2353 6937->6939 6940 bc23a6 6938->6940 6939->6938 6940->6940 6941 bc12a0 8 API calls 6940->6941 6942 bc23ce lstrcmpA 6941->6942 6943 bc23ed 6942->6943 6942->6971 6944 bc1ca0 2 API calls 6943->6944 6945 bc23ff lstrcmpA 6944->6945 6947 bc24be lstrcmpA 6945->6947 6948 bc242b lstrcpyA StrToIntA 6945->6948 6949 bc25b4 lstrcmpA 6947->6949 6950 bc24d0 6947->6950 6951 bc246b wsprintfA lstrlenA 6948->6951 6952 bc2457 6948->6952 6954 bc25c6 StrChrA 6949->6954 6955 bc2671 lstrcmpA 6949->6955 7004 bc1dc0 6950->7004 6984 bc26e3 6951->6984 6952->6951 6960 bc25de 6954->6960 6961 bc25d9 6954->6961 6957 bc2721 6955->6957 6958 bc2683 6955->6958 6956 bc12a0 8 API calls 6962 bc270d 6956->6962 7024 bc2000 6957->7024 6963 bc1dc0 11 API calls 6958->6963 6968 bc1f10 8 API calls 6960->6968 6967 bc25ed lstrcpyA 6961->6967 6969 bc2d39 __write_nolock 5 API calls 6962->6969 6970 bc268e 6963->6970 6965 bc24df lstrcpyA 6972 bc1000 6965->6972 6966 bc2519 lstrcpyA 6973 bc1000 6966->6973 6975 bc1000 6967->6975 6974 bc25e6 6968->6974 6976 bc271d 6969->6976 6977 bc2692 lstrcpyA 6970->6977 6978 bc26b3 lstrcpyA 6970->6978 6971->6930 6979 bc24f8 lstrcatA lstrlenA 6972->6979 6980 bc2532 lstrcatA 6973->6980 6974->6967 6981 bc2630 lstrcpyA 6974->6981 6982 bc25fd lstrcatA lstrcatA lstrlenA 6975->6982 6976->6630 6983 bc26ab 6977->6983 6978->6983 6979->6984 7014 bc1f10 GetTempPathA 6980->7014 6986 bc1000 6981->6986 6982->6984 6989 bc26d4 lstrcatA 6983->6989 6984->6956 6987 bc2640 lstrcpyA lstrcatA lstrlenA 6986->6987 6987->6984 6988 bc254a 6990 bc2571 lstrcpyA 6988->6990 6991 bc2551 lstrcpyA 6988->6991 6989->6984 6992 bc1000 6990->6992 6993 bc1000 6991->6993 6995 bc2587 lstrcpyA 6992->6995 6994 bc2565 lstrcatA 6993->6994 6996 bc2591 lstrcatA lstrlenA 6994->6996 6995->6996 6996->6984 6998 bc33f9 __aulldiv 6997->6998 6998->6934 7048 bc6ad2 6999->7048 7001 bc33ad 7003 bc33bc 7001->7003 7056 bc311a 7001->7056 7003->6936 7005 bc1de4 GetTempPathA SetCurrentDirectoryA DeleteUrlCacheEntry CreateFileA 7004->7005 7006 bc1ef5 7004->7006 7005->7006 7011 bc1e3a _memset 7005->7011 7008 bc2d39 __write_nolock 5 API calls 7006->7008 7009 bc1f04 7008->7009 7009->6965 7009->6966 7010 bc1ea1 WriteFile 7010->7011 7011->7006 7011->7010 7012 bc1edc CloseHandle 7011->7012 7012->7006 7017 bc1f48 _memset 7014->7017 7015 bc1f90 CreateProcessA 7016 bc1fb9 7015->7016 7015->7017 7018 bc1fbe 7016->7018 7019 bc1fd0 CloseHandle 7016->7019 7017->7015 7017->7016 7020 bc2d39 __write_nolock 5 API calls 7018->7020 7021 bc2d39 __write_nolock 5 API calls 7019->7021 7022 bc1fcc 7020->7022 7023 bc1fee 7021->7023 7022->6988 7023->6988 7025 bc200d _memset __write_nolock 7024->7025 7026 bc204e lstrcpyA 7025->7026 7027 bc2071 7026->7027 7028 bc2d48 _sprintf 100 API calls 7027->7028 7029 bc2096 CreatePipe 7028->7029 7032 bc20e2 _memset 7029->7032 7030 bc2140 CreateProcessA 7031 bc2169 7030->7031 7030->7032 7033 bc216e 7031->7033 7034 bc2181 Sleep WaitForSingleObject GetExitCodeProcess 7031->7034 7032->7030 7032->7031 7035 bc2d39 __write_nolock 5 API calls 7033->7035 7036 bc2202 CloseHandle CloseHandle 7034->7036 7037 bc21c2 7034->7037 7038 bc217d 7035->7038 7040 bc2220 ReadFile 7036->7040 7037->7036 7039 bc21ce TerminateProcess CloseHandle CloseHandle CloseHandle 7037->7039 7038->6971 7041 bc228a 7039->7041 7042 bc227d CloseHandle 7040->7042 7046 bc2247 7040->7046 7043 bc2d39 __write_nolock 5 API calls 7041->7043 7042->7041 7044 bc229c 7043->7044 7044->6971 7045 bc12a0 8 API calls 7045->7046 7046->7042 7046->7045 7047 bc2277 Sleep 7046->7047 7047->7040 7049 bc580d __getptd_noexit 64 API calls 7048->7049 7050 bc6ada 7049->7050 7052 bc6b04 7050->7052 7054 bc850f __malloc_crt 64 API calls 7050->7054 7055 bc6ae0 7050->7055 7051 bc4722 __write_nolock 64 API calls 7053 bc6ae5 7051->7053 7052->7001 7053->7001 7054->7055 7055->7051 7055->7052 7057 bc3149 _memset 7056->7057 7058 bc3136 7056->7058 7061 bc3161 7057->7061 7069 bc3172 7057->7069 7059 bc4722 __write_nolock 64 API calls 7058->7059 7060 bc313b 7059->7060 7062 bc46d0 __write_nolock 11 API calls 7060->7062 7063 bc4722 __write_nolock 64 API calls 7061->7063 7096 bc3145 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 7062->7096 7064 bc3166 7063->7064 7068 bc46d0 __write_nolock 11 API calls 7064->7068 7065 bc3190 7070 bc4722 __write_nolock 64 API calls 7065->7070 7066 bc31a1 7097 bc657c 7066->7097 7068->7096 7069->7065 7069->7066 7070->7096 7071 bc31a6 7105 bc6845 7071->7105 7073 bc31af 7074 bc3397 7073->7074 7112 bc6872 7073->7112 7075 bc467e __invoke_watson 10 API calls 7074->7075 7077 bc33a1 7075->7077 7080 bc6ad2 __localtime64 64 API calls 7077->7080 7078 bc31c1 7078->7074 7119 bc689f 7078->7119 7081 bc33ad 7080->7081 7083 bc33bc 7081->7083 7085 bc311a __localtime64_s 100 API calls 7081->7085 7082 bc31d3 7082->7074 7084 bc31dc 7082->7084 7083->7003 7086 bc324f 7084->7086 7088 bc31ef 7084->7088 7085->7083 7087 bc660c __gmtime64_s 64 API calls 7086->7087 7090 bc3256 7087->7090 7126 bc660c 7088->7126 7092 bc65cb __localtime64_s 64 API calls 7090->7092 7090->7096 7091 bc3207 7091->7096 7135 bc65cb 7091->7135 7092->7096 7094 bc321c 7095 bc660c __gmtime64_s 64 API calls 7094->7095 7094->7096 7095->7096 7096->7003 7098 bc6588 __freefls@4 7097->7098 7099 bc65bc __freefls@4 7098->7099 7100 bc8a6f __lock 64 API calls 7098->7100 7099->7071 7101 bc6599 7100->7101 7102 bc65aa 7101->7102 7143 bc5e9b 7101->7143 7172 bc65c2 7102->7172 7106 bc6866 7105->7106 7107 bc6851 7105->7107 7106->7073 7108 bc4722 __write_nolock 64 API calls 7107->7108 7109 bc6856 7108->7109 7110 bc46d0 __write_nolock 11 API calls 7109->7110 7111 bc6861 7110->7111 7111->7073 7113 bc687e 7112->7113 7114 bc6893 7112->7114 7115 bc4722 __write_nolock 64 API calls 7113->7115 7114->7078 7116 bc6883 7115->7116 7117 bc46d0 __write_nolock 11 API calls 7116->7117 7118 bc688e 7117->7118 7118->7078 7120 bc68ab 7119->7120 7121 bc68c0 7119->7121 7122 bc4722 __write_nolock 64 API calls 7120->7122 7121->7082 7123 bc68b0 7122->7123 7124 bc46d0 __write_nolock 11 API calls 7123->7124 7125 bc68bb 7124->7125 7125->7082 7127 bc6636 _memset 7126->7127 7128 bc6620 7126->7128 7127->7128 7133 bc664d 7127->7133 7129 bc4722 __write_nolock 64 API calls 7128->7129 7130 bc6625 7129->7130 7131 bc46d0 __write_nolock 11 API calls 7130->7131 7134 bc662f __gmtime64_s __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 7131->7134 7132 bc4722 __write_nolock 64 API calls 7132->7134 7133->7132 7133->7134 7134->7091 7136 bc65d7 __freefls@4 7135->7136 7137 bc8a6f __lock 64 API calls 7136->7137 7138 bc65de 7137->7138 7204 bc63a5 7138->7204 7142 bc65fa __freefls@4 7142->7094 7144 bc5ea7 __freefls@4 7143->7144 7145 bc8a6f __lock 64 API calls 7144->7145 7146 bc5ec2 __tzset_nolock 7145->7146 7147 bc689f __localtime64_s 64 API calls 7146->7147 7148 bc5ed7 7147->7148 7149 bc6845 _cvtdate 64 API calls 7148->7149 7170 bc5f94 __tzset_nolock 7148->7170 7151 bc5ee9 7149->7151 7150 bc467e __invoke_watson 10 API calls 7150->7170 7154 bc6872 _cvtdate 64 API calls 7151->7154 7151->7170 7152 bc5fbf GetTimeZoneInformation 7152->7170 7153 bc2dcc _free 64 API calls 7153->7170 7155 bc5efb 7154->7155 7155->7170 7175 bc97fc 7155->7175 7157 bc6026 WideCharToMultiByte 7157->7170 7160 bc605e WideCharToMultiByte 7160->7170 7162 bc5f62 _strlen 7164 bc850f __malloc_crt 64 API calls 7162->7164 7163 bc9876 64 API calls __tzset_nolock 7163->7170 7167 bc5f70 _strlen 7164->7167 7165 bc5f2b __tzset_nolock 7165->7162 7166 bc2dcc _free 64 API calls 7165->7166 7165->7170 7166->7162 7168 bc992b _strcpy_s 64 API calls 7167->7168 7167->7170 7168->7170 7169 bc618f __tzset_nolock __freefls@4 7169->7102 7170->7150 7170->7152 7170->7153 7170->7157 7170->7160 7170->7163 7170->7169 7171 bc9dd0 77 API calls __tzset_nolock 7170->7171 7186 bc611e 7170->7186 7171->7170 7203 bc8996 LeaveCriticalSection 7172->7203 7174 bc65c9 7174->7099 7176 bc5886 __getptd 64 API calls 7175->7176 7177 bc9801 7176->7177 7178 bc5f09 7177->7178 7179 bc565d ____lc_codepage_func 72 API calls 7177->7179 7180 bc9de6 7178->7180 7179->7178 7181 bc9dff 7180->7181 7182 bc9dfb 7180->7182 7181->7182 7184 bc9e11 _strlen 7181->7184 7189 bcadb9 7181->7189 7182->7165 7184->7182 7199 bcad9f 7184->7199 7202 bc8996 LeaveCriticalSection 7186->7202 7188 bc6125 7188->7170 7192 bcadd4 7189->7192 7197 bcae39 7189->7197 7190 bcadda WideCharToMultiByte 7190->7192 7190->7197 7191 bc8554 __calloc_crt 64 API calls 7191->7192 7192->7190 7192->7191 7193 bcadfd WideCharToMultiByte 7192->7193 7196 bcb62d ___crtsetenv 95 API calls 7192->7196 7192->7197 7198 bc2dcc _free 64 API calls 7192->7198 7193->7192 7194 bcae45 7193->7194 7195 bc2dcc _free 64 API calls 7194->7195 7195->7197 7196->7192 7197->7184 7198->7192 7200 bcacc1 __mbsnbicoll_l 89 API calls 7199->7200 7201 bcadb4 7200->7201 7201->7184 7202->7188 7203->7174 7205 bc6845 _cvtdate 64 API calls 7204->7205 7206 bc63bc 7205->7206 7207 bc6571 7206->7207 7210 bc63c5 7206->7210 7208 bc467e __invoke_watson 10 API calls 7207->7208 7209 bc657b 7208->7209 7211 bc64ad 7210->7211 7212 bc63f5 7210->7212 7217 bc64a8 7210->7217 7213 bc61ae _cvtdate 64 API calls 7211->7213 7223 bc61ae 7212->7223 7215 bc64e6 7213->7215 7218 bc61ae _cvtdate 64 API calls 7215->7218 7216 bc644b 7219 bc61ae _cvtdate 64 API calls 7216->7219 7220 bc6603 7217->7220 7218->7217 7219->7217 7245 bc8996 LeaveCriticalSection 7220->7245 7222 bc660a 7222->7142 7225 bc61ce 7223->7225 7224 bc6872 _cvtdate 64 API calls 7226 bc634f 7224->7226 7225->7224 7227 bc6323 7225->7227 7226->7227 7228 bc467e __invoke_watson 10 API calls 7226->7228 7227->7216 7229 bc63a4 7228->7229 7230 bc6845 _cvtdate 64 API calls 7229->7230 7231 bc63bc 7230->7231 7232 bc63c5 7231->7232 7233 bc6571 7231->7233 7236 bc64ad 7232->7236 7237 bc63f5 7232->7237 7241 bc64a8 7232->7241 7234 bc467e __invoke_watson 10 API calls 7233->7234 7235 bc657b 7234->7235 7238 bc61ae _cvtdate 64 API calls 7236->7238 7239 bc61ae _cvtdate 64 API calls 7237->7239 7240 bc64e6 7238->7240 7242 bc644b 7239->7242 7243 bc61ae _cvtdate 64 API calls 7240->7243 7241->7216 7244 bc61ae _cvtdate 64 API calls 7242->7244 7243->7241 7244->7241 7245->7222 7249 bc48cc 7246->7249 7248 bc4a33 7250 bc48d8 __freefls@4 7249->7250 7251 bc8a6f __lock 59 API calls 7250->7251 7252 bc48df 7251->7252 7254 bc490a DecodePointer 7252->7254 7258 bc4989 7252->7258 7256 bc4921 DecodePointer 7254->7256 7254->7258 7263 bc4934 7256->7263 7272 bc49f7 7258->7272 7259 bc49ee 7262 bc47b4 _doexit 3 API calls 7259->7262 7261 bc4a06 __freefls@4 7261->7248 7264 bc49f7 7262->7264 7263->7258 7266 bc494b DecodePointer 7263->7266 7269 bc495a DecodePointer DecodePointer 7263->7269 7270 bc56d6 EncodePointer 7263->7270 7265 bc4a04 7264->7265 7277 bc8996 LeaveCriticalSection 7264->7277 7265->7248 7271 bc56d6 EncodePointer 7266->7271 7269->7263 7270->7263 7271->7263 7273 bc49fd 7272->7273 7274 bc49d7 7272->7274 7278 bc8996 LeaveCriticalSection 7273->7278 7274->7261 7276 bc8996 LeaveCriticalSection 7274->7276 7276->7259 7277->7265 7278->7274 7404 bc6d73 7405 bc8554 __calloc_crt 64 API calls 7404->7405 7406 bc6d7f EncodePointer 7405->7406 7407 bc6d98 7406->7407 7423 bc344c 7424 bc6c67 std::exception::exception 64 API calls 7423->7424 7425 bc345c 7424->7425 7426 bc83c8 7433 bca751 7426->7433 7429 bc83db 7431 bc2dcc _free 64 API calls 7429->7431 7432 bc83e6 7431->7432 7446 bca677 7433->7446 7435 bc83cd 7435->7429 7436 bca52b 7435->7436 7437 bca537 __freefls@4 7436->7437 7438 bc8a6f __lock 64 API calls 7437->7438 7440 bca543 7438->7440 7439 bca5a9 7487 bca5be 7439->7487 7440->7439 7444 bca57e DeleteCriticalSection 7440->7444 7474 bcb02a 7440->7474 7442 bca5b5 __freefls@4 7442->7429 7445 bc2dcc _free 64 API calls 7444->7445 7445->7440 7447 bca683 __freefls@4 7446->7447 7448 bc8a6f __lock 64 API calls 7447->7448 7455 bca692 7448->7455 7449 bca72a 7464 bca748 7449->7464 7452 bca736 __freefls@4 7452->7435 7454 bca62f 99 API calls __fflush_nolock 7454->7455 7455->7449 7455->7454 7456 bc8429 7455->7456 7461 bca719 7455->7461 7457 bc844c EnterCriticalSection 7456->7457 7458 bc8436 7456->7458 7457->7455 7459 bc8a6f __lock 64 API calls 7458->7459 7460 bc843f 7459->7460 7460->7455 7467 bc8497 7461->7467 7463 bca727 7463->7455 7473 bc8996 LeaveCriticalSection 7464->7473 7466 bca74f 7466->7452 7468 bc84ba LeaveCriticalSection 7467->7468 7469 bc84a7 7467->7469 7468->7463 7472 bc8996 LeaveCriticalSection 7469->7472 7471 bc84b7 7471->7463 7472->7471 7473->7466 7475 bcb036 __freefls@4 7474->7475 7476 bcb05d 7475->7476 7477 bcb048 7475->7477 7485 bcb058 __freefls@4 7476->7485 7490 bc83e8 7476->7490 7478 bc4722 __write_nolock 64 API calls 7477->7478 7480 bcb04d 7478->7480 7482 bc46d0 __write_nolock 11 API calls 7480->7482 7482->7485 7485->7440 7583 bc8996 LeaveCriticalSection 7487->7583 7489 bca5c5 7489->7442 7491 bc841c EnterCriticalSection 7490->7491 7492 bc83fa 7490->7492 7494 bc8412 7491->7494 7492->7491 7493 bc8402 7492->7493 7495 bc8a6f __lock 64 API calls 7493->7495 7496 bcafbd 7494->7496 7495->7494 7497 bcafce 7496->7497 7498 bcafe2 7496->7498 7499 bc4722 __write_nolock 64 API calls 7497->7499 7504 bcafde 7498->7504 7515 bca5c7 7498->7515 7500 bcafd3 7499->7500 7502 bc46d0 __write_nolock 11 API calls 7500->7502 7502->7504 7512 bcb096 7504->7512 7507 bc84c6 __fflush_nolock 64 API calls 7508 bcaffc 7507->7508 7525 bcb90b 7508->7525 7510 bcb002 7510->7504 7511 bc2dcc _free 64 API calls 7510->7511 7511->7504 7576 bc845b 7512->7576 7514 bcb09c 7514->7485 7516 bca5e0 7515->7516 7520 bca602 7515->7520 7517 bc84c6 __fflush_nolock 64 API calls 7516->7517 7516->7520 7518 bca5fb 7517->7518 7519 bc819e __write 95 API calls 7518->7519 7519->7520 7521 bcb9cf 7520->7521 7522 bcb9df 7521->7522 7524 bcaff6 7521->7524 7523 bc2dcc _free 64 API calls 7522->7523 7522->7524 7523->7524 7524->7507 7526 bcb917 __freefls@4 7525->7526 7527 bcb91f 7526->7527 7528 bcb93a 7526->7528 7530 bc4735 __write_nolock 64 API calls 7527->7530 7529 bcb946 7528->7529 7534 bcb980 7528->7534 7531 bc4735 __write_nolock 64 API calls 7529->7531 7532 bcb924 7530->7532 7533 bcb94b 7531->7533 7535 bc4722 __write_nolock 64 API calls 7532->7535 7536 bc4722 __write_nolock 64 API calls 7533->7536 7537 bca2c1 ___lock_fhandle 66 API calls 7534->7537 7544 bcb92c __freefls@4 7535->7544 7538 bcb953 7536->7538 7539 bcb986 7537->7539 7540 bc46d0 __write_nolock 11 API calls 7538->7540 7541 bcb994 7539->7541 7542 bcb9a0 7539->7542 7540->7544 7548 bcb86f 7541->7548 7543 bc4722 __write_nolock 64 API calls 7542->7543 7546 bcb99a 7543->7546 7544->7510 7563 bcb9c7 7546->7563 7549 bca258 __lseeki64_nolock 64 API calls 7548->7549 7551 bcb87f 7549->7551 7550 bcb8d5 7566 bca1d2 7550->7566 7551->7550 7553 bcb8b3 7551->7553 7554 bca258 __lseeki64_nolock 64 API calls 7551->7554 7553->7550 7555 bca258 __lseeki64_nolock 64 API calls 7553->7555 7557 bcb8aa 7554->7557 7558 bcb8bf CloseHandle 7555->7558 7560 bca258 __lseeki64_nolock 64 API calls 7557->7560 7558->7550 7561 bcb8cb GetLastError 7558->7561 7559 bcb8ff 7559->7546 7560->7553 7561->7550 7562 bc4748 __dosmaperr 64 API calls 7562->7559 7575 bca360 LeaveCriticalSection 7563->7575 7565 bcb9cd 7565->7544 7567 bca23e 7566->7567 7568 bca1e3 7566->7568 7569 bc4722 __write_nolock 64 API calls 7567->7569 7568->7567 7573 bca20e 7568->7573 7570 bca243 7569->7570 7571 bc4735 __write_nolock 64 API calls 7570->7571 7572 bca234 7571->7572 7572->7559 7572->7562 7573->7572 7574 bca22e SetStdHandle 7573->7574 7574->7572 7575->7565 7577 bc846c 7576->7577 7578 bc848b LeaveCriticalSection 7576->7578 7577->7578 7579 bc8473 7577->7579 7578->7514 7582 bc8996 LeaveCriticalSection 7579->7582 7581 bc8488 7581->7514 7582->7581 7583->7489 7375 bc6e85 SetUnhandledExceptionFilter 7279 bcafa6 7280 bcafbc 7279->7280 7281 bcafb0 7279->7281 7281->7280 7282 bcafb5 CloseHandle 7281->7282 7282->7280 7584 bc8ac6 7585 bc8ac9 7584->7585 7588 bcaaa9 7585->7588 7587 bc8ad5 __freefls@4 7597 bc8b41 DecodePointer 7588->7597 7590 bcaaae 7591 bcaab9 7590->7591 7598 bc8b4e 7590->7598 7593 bcaad1 7591->7593 7594 bc4555 __call_reportfault 8 API calls 7591->7594 7595 bc4a22 __amsg_exit 64 API calls 7593->7595 7594->7593 7596 bcaadb 7595->7596 7596->7587 7596->7596 7597->7590 7601 bc8b5a __freefls@4 7598->7601 7599 bc8bb5 7600 bc8b97 DecodePointer 7599->7600 7605 bc8bc4 7599->7605 7606 bc8b86 _siglookup 7600->7606 7601->7599 7601->7600 7602 bc8b81 7601->7602 7608 bc8b7d 7601->7608 7603 bc580d __getptd_noexit 64 API calls 7602->7603 7603->7606 7607 bc4722 __write_nolock 64 API calls 7605->7607 7609 bc8c21 7606->7609 7611 bc4a22 __amsg_exit 64 API calls 7606->7611 7618 bc8b8f __freefls@4 7606->7618 7610 bc8bc9 7607->7610 7608->7602 7608->7605 7613 bc8a6f __lock 64 API calls 7609->7613 7615 bc8c2c 7609->7615 7612 bc46d0 __write_nolock 11 API calls 7610->7612 7611->7609 7612->7618 7613->7615 7616 bc8c61 7615->7616 7619 bc56d6 EncodePointer 7615->7619 7620 bc8cb5 7616->7620 7618->7591 7619->7616 7621 bc8cbb 7620->7621 7622 bc8cc2 7620->7622 7624 bc8996 LeaveCriticalSection 7621->7624 7622->7618 7624->7622 7283 bc58a0 7284 bc58ac __freefls@4 7283->7284 7285 bc58c4 7284->7285 7286 bc2dcc _free 64 API calls 7284->7286 7316 bc59ae __freefls@4 7284->7316 7287 bc58d2 7285->7287 7288 bc2dcc _free 64 API calls 7285->7288 7286->7285 7289 bc58e0 7287->7289 7290 bc2dcc _free 64 API calls 7287->7290 7288->7287 7291 bc58ee 7289->7291 7292 bc2dcc _free 64 API calls 7289->7292 7290->7289 7293 bc58fc 7291->7293 7294 bc2dcc _free 64 API calls 7291->7294 7292->7291 7295 bc590a 7293->7295 7296 bc2dcc _free 64 API calls 7293->7296 7294->7293 7297 bc5918 7295->7297 7298 bc2dcc _free 64 API calls 7295->7298 7296->7295 7299 bc5929 7297->7299 7300 bc2dcc _free 64 API calls 7297->7300 7298->7297 7301 bc8a6f __lock 64 API calls 7299->7301 7300->7299 7302 bc5931 7301->7302 7303 bc593d InterlockedDecrement 7302->7303 7304 bc5956 7302->7304 7303->7304 7305 bc5948 7303->7305 7319 bc59ba 7304->7319 7305->7304 7309 bc2dcc _free 64 API calls 7305->7309 7308 bc8a6f __lock 64 API calls 7310 bc596a 7308->7310 7309->7304 7311 bc599b 7310->7311 7312 bc542c ___removelocaleref 8 API calls 7310->7312 7322 bc59c6 7311->7322 7317 bc597f 7312->7317 7315 bc2dcc _free 64 API calls 7315->7316 7317->7311 7318 bc54c5 ___freetlocinfo 64 API calls 7317->7318 7318->7311 7325 bc8996 LeaveCriticalSection 7319->7325 7321 bc5963 7321->7308 7326 bc8996 LeaveCriticalSection 7322->7326 7324 bc59a8 7324->7315 7325->7321 7326->7324 7376 bc7700 7377 bc772c 7376->7377 7378 bc7739 7376->7378 7380 bc2d39 __write_nolock 5 API calls 7377->7380 7379 bc2d39 __write_nolock 5 API calls 7378->7379 7389 bc7749 __except_handler4 __IsNonwritableInCurrentImage 7379->7389 7380->7378 7381 bc77cc 7382 bc77a2 __except_handler4 7382->7381 7383 bc77bc 7382->7383 7385 bc2d39 __write_nolock 5 API calls 7382->7385 7384 bc2d39 __write_nolock 5 API calls 7383->7384 7384->7381 7385->7383 7387 bc781e __except_handler4 7388 bc7852 7387->7388 7390 bc2d39 __write_nolock 5 API calls 7387->7390 7391 bc2d39 __write_nolock 5 API calls 7388->7391 7389->7381 7389->7382 7392 bca1a2 RtlUnwind 7389->7392 7390->7388 7391->7382 7392->7387 7628 bc3641 7631 bc6e93 7628->7631 7632 bc580d __getptd_noexit 64 API calls 7631->7632 7633 bc3652 7632->7633 7634 bc6e43 7635 bc6e7f 7634->7635 7636 bc6e55 7634->7636 7636->7635 7638 bc8aa2 7636->7638 7639 bc8aae __freefls@4 7638->7639 7640 bc5886 __getptd 64 API calls 7639->7640 7642 bc8ab3 7640->7642 7641 bcaaa9 _abort 66 API calls 7643 bc8ad5 __freefls@4 7641->7643 7642->7641 7643->7635

              Executed Functions

              Function 00BC2C50 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 75stringsynchronizationCOMMON
              Download Yara Rule

              Control-flow Graph

              APIs
              • GetCommandLineA.KERNEL32 ref: 00BC2C65
                • Part of subcall function 00BC1CA0: lstrlenA.KERNEL32 ref: 00BC1CAC
                • Part of subcall function 00BC1CA0: GlobalAlloc.KERNEL32(00000000,00000004), ref: 00BC1CC5
                • Part of subcall function 00BC2910: StrToIntA.SHLWAPI ref: 00BC2952
              • StrStrA.SHLWAPI(00000000,/run), ref: 00BC2C92
              • wsprintfA.USER32 ref: 00BC2CAB
                • Part of subcall function 00BC2A50: GetModuleFileNameA.KERNEL32(00000000,?,00000100), ref: 00BC2A71
                • Part of subcall function 00BC2A50: lstrcpyA.KERNEL32(?,00BCE404), ref: 00BC2A80
                • Part of subcall function 00BC2A50: CreateDirectoryA.KERNELBASE(00000000,00000000), ref: 00BC2AA4
                • Part of subcall function 00BC2A50: GetLastError.KERNEL32 ref: 00BC2AAA
                • Part of subcall function 00BC2A50: CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00BC2ACB
                • Part of subcall function 00BC2A50: GetFileSize.KERNEL32(00000000,00000000), ref: 00BC2AE0
                • Part of subcall function 00BC2A50: ReadFile.KERNELBASE(00000000,00000000,00000000,?,00000000), ref: 00BC2B03
                • Part of subcall function 00BC2A50: CloseHandle.KERNELBASE(00000000), ref: 00BC2B0A
                • Part of subcall function 00BC2A50: lstrcpyA.KERNEL32(00000000,00BCE440), ref: 00BC2B30
                • Part of subcall function 00BC2A50: CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00BC2B3D
                • Part of subcall function 00BC2A50: lstrcpyA.KERNEL32(?,00BCE468), ref: 00BC2B4F
                • Part of subcall function 00BC2A50: wsprintfA.USER32 ref: 00BC2B9F
              • lstrcpyA.KERNEL32(?,l5Sxfak`x|S|v|{jb<=Slbk!jwj), ref: 00BC2CC2
              • ShellExecuteA.SHELL32(00000000,00000000,00000000,?,00000000,00000000), ref: 00BC2CF1
              • ExitProcess.KERNEL32 ref: 00BC2CF9
              • OpenMutexA.KERNEL32(001F0001,00000000,MUTEX394039_4830023), ref: 00BC2D0B
              • CreateMutexA.KERNEL32(00000000,00000000,MUTEX394039_4830023), ref: 00BC2D1E
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID: CreateFilelstrcpy$DirectoryMutexwsprintf$AllocCloseCommandErrorExecuteExitGlobalHandleLastLineModuleNameOpenProcessReadShellSizelstrlen
              • String ID: /c del /q "%s" >> NUL$/run$MUTEX394039_4830023$l5Sxfak`x|S|v|{jb<=Slbk!jwj
              • API String ID: 1071610658-845142850
              • Opcode ID: 3ee7cf31a9e44d92984d7a06836861702e97b1f74c0f435b4035d57089736e44
              • Instruction ID: e5a04fe687b7e798ad1659f30ad7e04ef693aaa8f3d9a9d86b0e397a196ec608
              • Opcode Fuzzy Hash: 3ee7cf31a9e44d92984d7a06836861702e97b1f74c0f435b4035d57089736e44
              • Instruction Fuzzy Hash: 6F216571640208ABD7149BB4DC46FEF7BA8EF18701F0440A9FA0AE7192DE7499458BA5
              Function 00BC2A50 Relevance: 35.2, APIs: 19, Strings: 1, Instructions: 159filestringprocessCOMMON
              Download Yara Rule

              Control-flow Graph

              APIs
              • GetModuleFileNameA.KERNEL32(00000000,?,00000100), ref: 00BC2A71
              • lstrcpyA.KERNEL32(?,00BCE404), ref: 00BC2A80
              • CreateDirectoryA.KERNELBASE(00000000,00000000), ref: 00BC2AA4
              • GetLastError.KERNEL32 ref: 00BC2AAA
              • CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00BC2ACB
              • GetFileSize.KERNEL32(00000000,00000000), ref: 00BC2AE0
              • ReadFile.KERNELBASE(00000000,00000000,00000000,?,00000000), ref: 00BC2B03
              • CloseHandle.KERNELBASE(00000000), ref: 00BC2B0A
              • lstrcpyA.KERNEL32(00000000,00BCE440), ref: 00BC2B30
              • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00BC2B3D
              • lstrcpyA.KERNEL32(?,00BCE468), ref: 00BC2B4F
              • lstrcpyA.KERNEL32(?,00BCE41C), ref: 00BC2B6A
              • wsprintfA.USER32 ref: 00BC2B9F
              • CreateFileA.KERNELBASE(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00BC2BC1
              • WriteFile.KERNELBASE(00000000,?,00000000,?,00000000), ref: 00BC2BE6
              • GetTickCount.KERNEL32 ref: 00BC2BE8
              • WriteFile.KERNELBASE(00000000,?,00000004,?,00000000), ref: 00BC2C07
              • CloseHandle.KERNEL32(00000000), ref: 00BC2C0A
              • WinExec.KERNEL32(?,00000000), ref: 00BC2C2D
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID: File$Createlstrcpy$CloseDirectoryHandleWrite$CountErrorExecLastModuleNameReadSizeTickwsprintf
              • String ID: "%s" /run
              • API String ID: 3411283918-4208677260
              • Opcode ID: f508a42454fade79b73135342a2c8838dce47af8377ddb375b1929e1898fe110
              • Instruction ID: 4b88a5997743bbc3f77325b5454f0eade4eff460155424d960df4173a038c3f6
              • Opcode Fuzzy Hash: f508a42454fade79b73135342a2c8838dce47af8377ddb375b1929e1898fe110
              • Instruction Fuzzy Hash: A9518171A40214EBEB24AB70DC49FEE7BB8EB48700F000299F609E7091DF755E45CBA1
              Function 00BC29A0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 71registrystringCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 46 bc29a0-bc29cb lstrcpyA 47 bc29cd-bc29cf 46->47 48 bc29da-bc29f0 RegCreateKeyA 46->48 49 bc29d0-bc29d8 47->49 50 bc2a3d-bc2a4e call bc2d39 48->50 51 bc29f2-bc2a03 lstrcpyA 48->51 49->48 49->49 53 bc2a05 51->53 54 bc2a11-bc2a2e lstrlenA RegSetValueExA 51->54 55 bc2a07-bc2a0f 53->55 56 bc2a30 54->56 57 bc2a33-bc2a37 RegCloseKey 54->57 55->54 55->55 56->57 57->50
              APIs
              • lstrcpyA.KERNEL32(?,\`i{xn}jSBfl}`|`i{SXfak`x|SLz}}ja{Yj}|f`aS]za), ref: 00BC29C3
              • RegCreateKeyA.ADVAPI32(80000001,?,?), ref: 00BC29E7
              • lstrcpyA.KERNEL32(?,00BCE3F8), ref: 00BC29FB
              • lstrlenA.KERNEL32 ref: 00BC2A12
              • RegSetValueExA.KERNELBASE(?,?,00000000,00000001,?,00000000), ref: 00BC2A26
              • RegCloseKey.KERNELBASE(?,?,00000000), ref: 00BC2A37
              Strings
              • \`i{xn}jSBfl}`|`i{SXfak`x|SLz}}ja{Yj}|f`aS]za, xrefs: 00BC29B8
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID: lstrcpy$CloseCreateValuelstrlen
              • String ID: \`i{xn}jSBfl}`|`i{SXfak`x|SLz}}ja{Yj}|f`aS]za
              • API String ID: 4056970110-2895997472
              • Opcode ID: d61720142a5c1b4f528f27c125f6c28b9e7a7c582aeb737e5a21d05e10108b5e
              • Instruction ID: 6ca221b5b833d846d6457f43b217b32dd72e631e9a1088bfc95703d06bc56033
              • Opcode Fuzzy Hash: d61720142a5c1b4f528f27c125f6c28b9e7a7c582aeb737e5a21d05e10108b5e
              • Instruction Fuzzy Hash: CF215E71A04348EBDB15DBB4DC94EEEBFBCEB49700F0040ADE5499B151EA70A944CB60
              Function 00BC3469 Relevance: 6.0, APIs: 4, Instructions: 41COMMON
              Download Yara Rule

              Control-flow Graph

              APIs
              • _malloc.LIBCMT ref: 00BC3483
                • Part of subcall function 00BC2E06: __FF_MSGBANNER.LIBCMT ref: 00BC2E1F
                • Part of subcall function 00BC2E06: __NMSG_WRITE.LIBCMT ref: 00BC2E26
                • Part of subcall function 00BC2E06: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,20141104,?,00BC182C,00000288), ref: 00BC2E4B
              • std::exception::exception.LIBCMT ref: 00BC34B8
              • std::exception::exception.LIBCMT ref: 00BC34D2
              • __CxxThrowException@8.LIBCMT ref: 00BC34E3
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
              • String ID:
              • API String ID: 615853336-0
              • Opcode ID: 2fd3751708490e5bbfe6d71ecab800fdd3914206e61e74cb4125ec570b260ffa
              • Instruction ID: 96aea80506b287d56af7101600fa3b1fdae218a19012ddf68ab7f94020baed28
              • Opcode Fuzzy Hash: 2fd3751708490e5bbfe6d71ecab800fdd3914206e61e74cb4125ec570b260ffa
              • Instruction Fuzzy Hash: E1F0D171500209AACB18AB54DC12FAEBBE9EB40704F6080EEF44596191DB708A019791

              Non-executed Functions

              Function 00BC17E0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 139COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 392 bc17e0-bc1833 GetComputerNameA call bc2e06 395 bc1845-bc187a GetAdaptersInfo call bc306d GetAdaptersInfo 392->395 396 bc1835-bc1844 call bc2d39 392->396 401 bc187c-bc188e call bc2d39 395->401 402 bc188f-bc1891 395->402 404 bc1944-bc195c call bc2dcc 402->404 405 bc1897 402->405 414 bc1960-bc1965 404->414 407 bc18a0-bc18a8 405->407 409 bc1908-bc190e 407->409 410 bc18aa 407->410 412 bc1911-bc1916 409->412 413 bc18b0-bc18b9 410->413 412->412 415 bc1918-bc191f 412->415 416 bc18c0-bc18c5 413->416 414->414 417 bc1967-bc1997 call bc10c0 call bc2d39 414->417 415->404 418 bc1921-bc193e call bc2d48 415->418 416->416 419 bc18c7-bc18ce 416->419 418->404 418->407 419->409 423 bc18d0-bc18f7 call bc2d48 419->423 429 bc18ff-bc1906 423->429 430 bc18f9-bc18fc 423->430 429->409 429->413 430->429
              APIs
              • GetComputerNameA.KERNEL32(?,?), ref: 00BC1812
              • _malloc.LIBCMT ref: 00BC1827
                • Part of subcall function 00BC2E06: __FF_MSGBANNER.LIBCMT ref: 00BC2E1F
                • Part of subcall function 00BC2E06: __NMSG_WRITE.LIBCMT ref: 00BC2E26
                • Part of subcall function 00BC2E06: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,20141104,?,00BC182C,00000288), ref: 00BC2E4B
              • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 00BC1854
              • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 00BC1876
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID: AdaptersInfo$AllocateComputerHeapName_malloc
              • String ID: %2.2X$PIlp
              • API String ID: 2323108929-1622041485
              • Opcode ID: e7311afbabb611b15dd01e2b20def7c6b2dde9cc2d0638f51a61af9eeead3401
              • Instruction ID: 6774807c9fbed2ec5b839a5c8eb7434b49d55a10369d14db520d34ee956532cc
              • Opcode Fuzzy Hash: e7311afbabb611b15dd01e2b20def7c6b2dde9cc2d0638f51a61af9eeead3401
              • Instruction Fuzzy Hash: BC41E9719041199BCB21DF68DC91FEEB3F8EF56340F0449EDD989A7142DA709E898B90
              Function 00BC27E0 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 94sleepnetworkCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 431 bc27e0-bc2819 WSAStartup 432 bc28ee-bc2902 call bc2d39 431->432 433 bc281f-bc282b 431->433 434 bc282d-bc282f 433->434 435 bc283b-bc283d 433->435 437 bc2830-bc2839 434->437 438 bc2840-bc2863 call bc1460 435->438 437->435 437->437 442 bc2865-bc2869 438->442 443 bc28a0-bc28b0 call bc19a0 call bc1b60 438->443 444 bc288b-bc289e Sleep 442->444 445 bc286b-bc2871 442->445 451 bc28b5-bc28d3 call bc2750 recv 443->451 452 bc28b2-bc28b3 443->452 444->438 445->444 448 bc2873-bc2889 Sleep 445->448 448->438 455 bc28dc-bc28e9 Sleep 451->455 456 bc28d5-bc28d6 closesocket 451->456 452->438 455->438 456->455
              APIs
              • WSAStartup.WS2_32 ref: 00BC2811
              • Sleep.KERNEL32(00A4CB80), ref: 00BC287B
              • Sleep.KERNEL32(?), ref: 00BC2890
              • recv.WS2_32(00000000,?,0000000A,00000000), ref: 00BC28CB
              • closesocket.WS2_32(00000000), ref: 00BC28D6
              • Sleep.KERNEL32(0036EE80), ref: 00BC28E3
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID: Sleep$Startupclosesocketrecv
              • String ID: >9:!>6;!>=<!98$`$`
              • API String ID: 1594183973-1415459037
              • Opcode ID: e4aac4cf09a919e2ccb30aafffa22aa8dd73f1a68835178a59a49f7c8800c9e3
              • Instruction ID: 0997868aceb9d64371c099050eda0ae75c943a6f250c9434dd143ae1cd855a0e
              • Opcode Fuzzy Hash: e4aac4cf09a919e2ccb30aafffa22aa8dd73f1a68835178a59a49f7c8800c9e3
              • Instruction Fuzzy Hash: AF31B1B17002049BE724AB25EC95F6B7BD8EF96704F1008ADE84AD7152EE34D905C792
              Function 00BC1B60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 99memorynetworksleepCOMMON
              Download Yara Rule
              APIs
              • recv.WS2_32(?,?,00000010,00000000), ref: 00BC1B85
              • WSAGetLastError.WS2_32(?,?,00000010,00000000), ref: 00BC1B9E
              • Sleep.KERNEL32(0000000A,?,?,00000010,00000000), ref: 00BC1BBC
              • GetProcessHeap.KERNEL32(00000008,?,?,?,00000010,00000000), ref: 00BC1BE2
              • HeapAlloc.KERNEL32(00000000,?,?,00000010,00000000), ref: 00BC1BE5
              • GetProcessHeap.KERNEL32(00000000), ref: 00BC1C83
              • HeapFree.KERNEL32(00000000), ref: 00BC1C86
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID: Heap$Process$AllocErrorFreeLastSleeprecv
              • String ID: ]Vw
              • API String ID: 4059495080-1841013464
              • Opcode ID: b87d3f16defad5c2574c81ceab0f82987835ddab8097ffcc0a08417512f908f2
              • Instruction ID: 5152b652eac0be6d79bbadbd8454849d6001738b768098101a1655d1b027de10
              • Opcode Fuzzy Hash: b87d3f16defad5c2574c81ceab0f82987835ddab8097ffcc0a08417512f908f2
              • Instruction Fuzzy Hash: AF319875A00204DBD710DFA8DC55F6ABBF4FB49350F1449AEE816A7351EB309D01CBA0
              Function 00BC19A0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 97networkstringCOMMON
              Download Yara Rule
              APIs
              • GetUserNameA.ADVAPI32(?,?), ref: 00BC19CD
                • Part of subcall function 00BC1720: _memset.LIBCMT ref: 00BC1742
                • Part of subcall function 00BC1720: GetVersionExA.KERNEL32(?), ref: 00BC1761
                • Part of subcall function 00BC1720: GetVersionExA.KERNEL32(0000009C), ref: 00BC1778
                • Part of subcall function 00BC1570: _memset.LIBCMT ref: 00BC15C4
                • Part of subcall function 00BC1570: _memset.LIBCMT ref: 00BC1605
                • Part of subcall function 00BC1570: _memset.LIBCMT ref: 00BC1618
                • Part of subcall function 00BC1570: lstrcpyA.KERNEL32(?,00BCE2A3), ref: 00BC1626
                • Part of subcall function 00BC1570: RegOpenKeyExA.ADVAPI32(80000002,00000000,00000000,00020019,?,?,00BCE2A3), ref: 00BC1663
                • Part of subcall function 00BC1570: _memset.LIBCMT ref: 00BC16B3
                • Part of subcall function 00BC1570: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,00000100,?,?,00BCE2A3), ref: 00BC16D5
              • _sprintf.LIBCMT ref: 00BC1A08
              • lstrlenA.KERNEL32(?), ref: 00BC1A17
              • WSAStartup.WS2_32(00000002,?), ref: 00BC1A2D
              • gethostname.WS2_32(?,000000FF), ref: 00BC1A43
              • gethostbyname.WS2_32(?), ref: 00BC1A54
              • WSACleanup.WS2_32 ref: 00BC1A67
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID: _memset$Version$CleanupNameOpenQueryStartupUserValue_sprintfgethostbynamegethostnamelstrcpylstrlen
              • String ID: %s/%s
              • API String ID: 396611607-2758257063
              • Opcode ID: 00303eb32f23b1115111cebb95565fef420bbaee8e8bd44673a83f5a103f97eb
              • Instruction ID: 9d913e82a2b712a934f250f99bf195146083137850928b5af49fab6953536e98
              • Opcode Fuzzy Hash: 00303eb32f23b1115111cebb95565fef420bbaee8e8bd44673a83f5a103f97eb
              • Instruction Fuzzy Hash: E83195B1E011099FDB24DB64DC95FAAB7B9EB59300F0045DEE50EA7242EB309E45CF54
              Function 00BC1720 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID: Version$_memsetwsprintf
              • String ID: %d.%d
              • API String ID: 3402264179-3954714993
              • Opcode ID: 15a8f8acca685fc220bfa2dab6e8a0a922b1ba7e1255241ae30e2b0ea22b5690
              • Instruction ID: 35e2189c4a109bc367e756fba9651f6cdc178df098d574297fced8dfb57c3dc7
              • Opcode Fuzzy Hash: 15a8f8acca685fc220bfa2dab6e8a0a922b1ba7e1255241ae30e2b0ea22b5690
              • Instruction Fuzzy Hash: B6114271B412189FDB20DB689C41FBEB7B8EF16300F4405DEE949A7242EA705E45CBA2
              Function 00BC306D Relevance: 7.6, APIs: 5, Instructions: 68COMMONLIBRARYCODE
              Download Yara Rule
              APIs
              • _malloc.LIBCMT ref: 00BC307B
                • Part of subcall function 00BC2E06: __FF_MSGBANNER.LIBCMT ref: 00BC2E1F
                • Part of subcall function 00BC2E06: __NMSG_WRITE.LIBCMT ref: 00BC2E26
                • Part of subcall function 00BC2E06: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,20141104,?,00BC182C,00000288), ref: 00BC2E4B
              • _free.LIBCMT ref: 00BC308E
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID: AllocateHeap_free_malloc
              • String ID:
              • API String ID: 1020059152-0
              • Opcode ID: d4aaa2224c682794baa1cbe9d54360d1b7bc171763ee6bca128ce639c15ed112
              • Instruction ID: a9473a93f7709dba08510f45111a87d7b175bb656d6bdbab6cdcb3e76f675c99
              • Opcode Fuzzy Hash: d4aaa2224c682794baa1cbe9d54360d1b7bc171763ee6bca128ce639c15ed112
              • Instruction Fuzzy Hash: 6611E333500311ABCB312B74BC15F5A3BD4EB557A1B6084EEF9C897150DF31CA418694
              Function 00BC2D39 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
              Download Yara Rule
              APIs
              • IsDebuggerPresent.KERNEL32 ref: 00BC3744
              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00BC3759
              • UnhandledExceptionFilter.KERNEL32(00BCC268), ref: 00BC3764
              • GetCurrentProcess.KERNEL32(C0000409), ref: 00BC3780
              • TerminateProcess.KERNEL32(00000000), ref: 00BC3787
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
              • String ID:
              • API String ID: 2579439406-0
              • Opcode ID: 017e8e4112b8babbea2508d68adf9a1a182f539cd3b30f180e2c8484f75848c2
              • Instruction ID: 9b7c896ee83ffb71cac6e7ed0bda63502d6dc678c2f3f95c42d4a670c23f032f
              • Opcode Fuzzy Hash: 017e8e4112b8babbea2508d68adf9a1a182f539cd3b30f180e2c8484f75848c2
              • Instruction Fuzzy Hash: 7D21EBB8916284EFC710EF68F965B48BBB1FB18300F10895BE90887261FFB05984CF19
              Function 00BC12A0 Relevance: 4.6, APIs: 3, Instructions: 133networksleepCOMMON
              Download Yara Rule
              APIs
              • send.WS2_32(?,?,00004C5B,00000000), ref: 00BC13F1
              • WSAGetLastError.WS2_32 ref: 00BC1406
              • Sleep.KERNEL32(0000000A), ref: 00BC141C
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID: ErrorLastSleepsend
              • String ID:
              • API String ID: 4076785223-0
              • Opcode ID: 1c23ac1636526c702adfeb8033ceca71b03153403f8faae7430e51732cbf51c3
              • Instruction ID: b674cfa77665fe974ede8fbbf15b9755ba39b47165a9f6d39971462bf76dd9ba
              • Opcode Fuzzy Hash: 1c23ac1636526c702adfeb8033ceca71b03153403f8faae7430e51732cbf51c3
              • Instruction Fuzzy Hash: DA419132B002288BDB25CF6D9890699FBA9EB9A310F4045EED44AF7642D7345F44CF52
              Function 00BC6E85 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
              Download Yara Rule
              APIs
              • SetUnhandledExceptionFilter.KERNEL32(Function_00006E43), ref: 00BC6E8A
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID: ExceptionFilterUnhandled
              • String ID:
              • API String ID: 3192549508-0
              • Opcode ID: e630e4371161299031ecd1cd38cd796483a5df6f483fb8ef06c9008474dee489
              • Instruction ID: a837641491b01fc474e74210662d1956f9419a7493da62d2890e7721bdc9cabe
              • Opcode Fuzzy Hash: e630e4371161299031ecd1cd38cd796483a5df6f483fb8ef06c9008474dee489
              • Instruction Fuzzy Hash: 9E900264651103CBD61017B19C0FD156BD05A6C6427414895A105D5464EF6041415521
              Function 00BC10C0 Relevance: .2, Instructions: 177COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6724d0094f713dfd851c5757bc941764f039ff211322bff085d9d44cc60ac54a
              • Instruction ID: e081a6c2c35221a92ff2ebf3d9190fcc7bb5c5d1a6096a6cfab7c56753856eea
              • Opcode Fuzzy Hash: 6724d0094f713dfd851c5757bc941764f039ff211322bff085d9d44cc60ac54a
              • Instruction Fuzzy Hash: 0F51D433A61AA506F310867E8C813C577939BCA264F4FC3A9C870AB2D6D57A641BD7D0
              Function 00BC1020 Relevance: .1, Instructions: 63COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e6be091eb61b65efb446137e05583116e77768846b17c6487780c0cf3fd34f7f
              • Instruction ID: 221380b70bdcbf06a4ed5ffb396d33e71621aea870a9f4a6de4f9757edf4afce
              • Opcode Fuzzy Hash: e6be091eb61b65efb446137e05583116e77768846b17c6487780c0cf3fd34f7f
              • Instruction Fuzzy Hash: 5B110632E011294BEF04CABD98900EEFBF5EBDA224F5242AAD841F3342E1701E49C7D0
              Function 00BC22A0 Relevance: 89.6, APIs: 39, Strings: 12, Instructions: 375stringCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 178 bc22a0-bc22be 179 bc22c4-bc2351 call bc68f0 * 2 call bc33c9 call bc33a2 call bc9a20 lstrcpyA 178->179 180 bc2733-bc2743 call bc2d39 178->180 193 bc2360-bc23a3 wsprintfA 179->193 194 bc2353 179->194 196 bc23a6-bc23ab 193->196 195 bc2355-bc235e 194->195 195->193 195->195 196->196 197 bc23ad-bc23c4 196->197 198 bc23c9 call bc12a0 197->198 199 bc23ce-bc23e7 lstrcmpA 198->199 199->180 200 bc23ed-bc2409 call bc1ca0 199->200 203 bc2419-bc2425 lstrcmpA 200->203 204 bc240b 200->204 206 bc24be-bc24ca lstrcmpA 203->206 207 bc242b-bc2455 lstrcpyA StrToIntA 203->207 205 bc2410-bc2417 204->205 205->203 205->205 208 bc25b4-bc25c0 lstrcmpA 206->208 209 bc24d0-bc24d3 206->209 210 bc246b-bc24b9 wsprintfA lstrlenA 207->210 211 bc2457-bc2459 207->211 215 bc25c6-bc25d7 StrChrA 208->215 216 bc2671-bc267d lstrcmpA 208->216 214 bc24d6 call bc1dc0 209->214 213 bc26f4-bc2703 210->213 212 bc2460-bc2469 211->212 212->210 212->212 217 bc2708 call bc12a0 213->217 220 bc24db-bc24dd 214->220 221 bc25de 215->221 222 bc25d9-bc25dc 215->222 218 bc2721-bc2725 216->218 219 bc2683-bc2686 216->219 223 bc270d-bc2720 call bc2d39 217->223 225 bc272b call bc2000 218->225 224 bc2689 call bc1dc0 219->224 226 bc24df-bc2514 lstrcpyA call bc1000 lstrcatA lstrlenA 220->226 227 bc2519-bc2542 lstrcpyA call bc1000 lstrcatA 220->227 229 bc25e1 call bc1f10 221->229 228 bc25ed-bc262b lstrcpyA call bc1000 lstrcatA * 2 lstrlenA 222->228 231 bc268e-bc2690 224->231 232 bc2730 225->232 246 bc26f3 226->246 247 bc2545 call bc1f10 227->247 228->246 235 bc25e6-bc25eb 229->235 238 bc2692-bc26b1 lstrcpyA call bc1000 231->238 239 bc26b3-bc26d3 lstrcpyA call bc1000 231->239 232->180 235->228 242 bc2630-bc266c lstrcpyA call bc1000 lstrcpyA lstrcatA lstrlenA 235->242 253 bc26d4-bc26e0 lstrcatA 238->253 239->253 242->246 246->213 252 bc254a-bc254f 247->252 254 bc2571-bc258f lstrcpyA call bc1000 lstrcpyA 252->254 255 bc2551-bc256f lstrcpyA call bc1000 lstrcatA 252->255 257 bc26e3-bc26e8 253->257 262 bc2591-bc25af lstrcatA lstrlenA 254->262 255->262 257->257 261 bc26ea-bc26f2 257->261 261->246 262->246
              APIs
              • _memset.LIBCMT ref: 00BC22D9
              • _memset.LIBCMT ref: 00BC22F6
              • __time64.LIBCMT ref: 00BC2300
                • Part of subcall function 00BC33C9: GetSystemTimeAsFileTime.KERNEL32(00BC2305,?,?,?,00BC2305,00000000), ref: 00BC33D4
                • Part of subcall function 00BC33C9: __aulldiv.LIBCMT ref: 00BC33F4
              • __localtime64.LIBCMT ref: 00BC231B
                • Part of subcall function 00BC33A2: __localtime64_s.LIBCMT ref: 00BC33B7
              • _memmove.LIBCMT ref: 00BC2331
              • lstrcpyA.KERNEL32(?,_]@LJ\\JK/N[), ref: 00BC2348
              • wsprintfA.USER32 ref: 00BC2394
              • lstrcmpA.KERNEL32(00000000,00BCE2A3), ref: 00BC23E3
              • lstrcmpA.KERNEL32(?,+fa{j}ync), ref: 00BC2421
              • lstrcpyA.KERNEL32(00000000,Fa{j}ync/f|/|j{/{`,?,+fa{j}ync), ref: 00BC2434
              • StrToIntA.SHLWAPI(?,?,+fa{j}ync), ref: 00BC243A
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID: Time_memsetlstrcmplstrcpy$FileSystem__aulldiv__localtime64__localtime64_s__time64_memmovewsprintf
              • String ID: CMD:%s %s %d/%d/%d %d:%d:%d$%s %d min$+fa{j}ync$+jwjl$+k`xac`nk$+k`xac`nkjwjl$Fa{j}ync/f|/|j{/{`$Jwjlz{f`a/infcz}j$Jwjlz{f`a/|zllj||$K`xac`nk/infcz}j$K`xac`nk/|zllj||$_]@LJ\\JK/N[
              • API String ID: 1549752644-755128454
              • Opcode ID: 063950031f64a7669b144370cb60e542110a0ee551680eacd5e95116217752f1
              • Instruction ID: fb068d9ec822258ab85aed3ea1b074ca7a2769c47405c2a8fb0f5ebcde791e0a
              • Opcode Fuzzy Hash: 063950031f64a7669b144370cb60e542110a0ee551680eacd5e95116217752f1
              • Instruction Fuzzy Hash: 60D188B1A00248ABD725DB64CC91FEA77FDEF44700F0085EDE54AA7151EE34EE858BA4
              Function 00BC59CF Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 109libraryloadermemoryCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 263 bc59cf-bc59e1 GetModuleHandleW 264 bc59ec-bc5a34 GetProcAddress * 4 263->264 265 bc59e3-bc59eb call bc571c 263->265 267 bc5a4c-bc5a6b 264->267 268 bc5a36-bc5a3d 264->268 271 bc5a70-bc5a7e TlsAlloc 267->271 268->267 270 bc5a3f-bc5a46 268->270 270->267 272 bc5a48-bc5a4a 270->272 273 bc5a84-bc5a8f TlsSetValue 271->273 274 bc5b45 271->274 272->267 272->271 273->274 276 bc5a95-bc5adb call bc47de EncodePointer * 4 call bc88f5 273->276 275 bc5b47-bc5b49 274->275 281 bc5add-bc5afa DecodePointer 276->281 282 bc5b40 call bc571c 276->282 281->282 285 bc5afc-bc5b0e call bc8554 281->285 282->274 285->282 288 bc5b10-bc5b23 DecodePointer 285->288 288->282 290 bc5b25-bc5b3e call bc5759 GetCurrentThreadId 288->290 290->275
              APIs
              • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,00BC359C), ref: 00BC59D7
              • __mtterm.LIBCMT ref: 00BC59E3
                • Part of subcall function 00BC571C: DecodePointer.KERNEL32(00000005,00BC5B45,?,00BC359C), ref: 00BC572D
                • Part of subcall function 00BC571C: TlsFree.KERNEL32(00000015,00BC5B45,?,00BC359C), ref: 00BC5747
                • Part of subcall function 00BC571C: DeleteCriticalSection.KERNEL32(00000000,00000000,775857D0,?,00BC5B45,?,00BC359C), ref: 00BC895C
                • Part of subcall function 00BC571C: _free.LIBCMT ref: 00BC895F
                • Part of subcall function 00BC571C: DeleteCriticalSection.KERNEL32(00000015,775857D0,?,00BC5B45,?,00BC359C), ref: 00BC8986
              • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00BC59F9
              • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00BC5A06
              • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00BC5A13
              • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00BC5A20
              • TlsAlloc.KERNEL32(?,00BC359C), ref: 00BC5A70
              • TlsSetValue.KERNEL32(00000000,?,00BC359C), ref: 00BC5A8B
              • __init_pointers.LIBCMT ref: 00BC5A95
              • EncodePointer.KERNEL32(?,00BC359C), ref: 00BC5AA6
              • EncodePointer.KERNEL32(?,00BC359C), ref: 00BC5AB3
              • EncodePointer.KERNEL32(?,00BC359C), ref: 00BC5AC0
              • EncodePointer.KERNEL32(?,00BC359C), ref: 00BC5ACD
              • DecodePointer.KERNEL32(00BC58A0,?,00BC359C), ref: 00BC5AEE
              • __calloc_crt.LIBCMT ref: 00BC5B03
              • DecodePointer.KERNEL32(00000000,?,00BC359C), ref: 00BC5B1D
              • GetCurrentThreadId.KERNEL32 ref: 00BC5B2F
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm_free
              • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
              • API String ID: 3698121176-3819984048
              • Opcode ID: 314a5c1047e3599aa05b039327fd31edc8eb9b61b132357fe6282248337851c7
              • Instruction ID: d2a802bb24d7246b11462ddd0912c751d1800b71f3104cf71355050bd07c9a73
              • Opcode Fuzzy Hash: 314a5c1047e3599aa05b039327fd31edc8eb9b61b132357fe6282248337851c7
              • Instruction Fuzzy Hash: 19311F35903611ABD7316B7AAC79F19BFE4E754360B14095BE414A31A1EF78A8428B50
              Function 00BC2000 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 194sleepprocessfileCOMMON
              Download Yara Rule

              Control-flow Graph

              APIs
              • _memset.LIBCMT ref: 00BC2031
              • _memset.LIBCMT ref: 00BC2049
              • lstrcpyA.KERNEL32(?,L5Sxfak`x|S|v|{jb<=Slbk!jwj), ref: 00BC205D
              • _sprintf.LIBCMT ref: 00BC2091
              • CreatePipe.KERNEL32 ref: 00BC20CD
              • _memset.LIBCMT ref: 00BC20DD
              • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000000,00000000,00000000,00000044,?), ref: 00BC215D
              • Sleep.KERNEL32(000001F4), ref: 00BC2196
              • WaitForSingleObject.KERNEL32(?,0002BF20), ref: 00BC21A4
              • GetExitCodeProcess.KERNEL32(?,?), ref: 00BC21B8
              • TerminateProcess.KERNEL32(?,00000000), ref: 00BC21D6
              • CloseHandle.KERNEL32(?), ref: 00BC21E9
              • CloseHandle.KERNEL32(?), ref: 00BC21F2
              • CloseHandle.KERNEL32(?), ref: 00BC21FB
              • CloseHandle.KERNEL32(?), ref: 00BC220F
              • CloseHandle.KERNEL32(?), ref: 00BC2218
              • ReadFile.KERNEL32(?,?,00001FA0,00000001,00000000), ref: 00BC223B
              • CloseHandle.KERNEL32(?), ref: 00BC2284
                • Part of subcall function 00BC12A0: send.WS2_32(?,?,00004C5B,00000000), ref: 00BC13F1
              • Sleep.KERNEL32(0000000A,?,?,?,?,?,?,00040000), ref: 00BC2279
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID: CloseHandle$Process_memset$CreateSleep$CodeExitFileObjectPipeReadSingleTerminateWait_sprintflstrcpysend
              • String ID: %s /c %s$D$L5Sxfak`x|S|v|{jb<=Slbk!jwj
              • API String ID: 2039536558-3632673802
              • Opcode ID: 74838e153c253f808bebfc7f5a10b2c74083206f1f408ad20967a0b348f53d94
              • Instruction ID: 216c40132fc5848db7d15a90894a0e760ab43ade11cc667b6acce548f25e707a
              • Opcode Fuzzy Hash: 74838e153c253f808bebfc7f5a10b2c74083206f1f408ad20967a0b348f53d94
              • Instruction Fuzzy Hash: 9C7111F5E00218AFDB24DBA4DC80EAEB7B8EB48300F4045EDF609A7150DA745E858F69
              Function 00BC1570 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 120registrystringCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 327 bc1570-bc1633 call bc68f0 * 3 lstrcpyA 334 bc1635 327->334 335 bc1642-bc1646 327->335 336 bc1637-bc1640 334->336 337 bc164c-bc166b RegOpenKeyExA 335->337 338 bc170d-bc171e call bc2d39 335->338 336->335 336->336 337->338 340 bc1671-bc167d 337->340 341 bc1687-bc168c 340->341 343 bc168e 341->343 344 bc169b-bc16d9 call bc68f0 RegQueryValueExA 341->344 345 bc1690-bc1699 343->345 348 bc16db-bc16ef lstrcatA * 2 344->348 349 bc16f5-bc16fe 344->349 345->344 345->345 348->349 349->341 350 bc1700-bc1707 RegCloseKey 349->350 350->338
              APIs
              • _memset.LIBCMT ref: 00BC15C4
              • _memset.LIBCMT ref: 00BC1605
              • _memset.LIBCMT ref: 00BC1618
              • lstrcpyA.KERNEL32(?,00BCE2A3), ref: 00BC1626
              • RegOpenKeyExA.ADVAPI32(80000002,00000000,00000000,00020019,?,?,00BCE2A3), ref: 00BC1663
              • _memset.LIBCMT ref: 00BC16B3
              • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,00000100,?,?,00BCE2A3), ref: 00BC16D5
              • lstrcatA.KERNEL32(?,?,?,?,00BCE2A3), ref: 00BC16E3
              • lstrcatA.KERNEL32(?,00BCE2A4,?,?,?,?,00BCE2A3), ref: 00BC16EF
              • RegCloseKey.ADVAPI32(?,?,?,00BCE2A3), ref: 00BC1707
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID: _memset$lstrcat$CloseOpenQueryValuelstrcpy
              • String ID: L\KYj}|f`a$\@I[XN]JSBfl}`|`i{SXfak`x|/A[SLz}}ja{Yj}|f`aS$_}`kzl{Anbj
              • API String ID: 3930758678-146727092
              • Opcode ID: 697fa8e724c59d7c0d3fb591fd21e3914d7d20248f77659233ad403515cd87cd
              • Instruction ID: 64b03da0185bf8ac410cc29daf3450f2635bfbc3a5e7b85e8256add79f86e619
              • Opcode Fuzzy Hash: 697fa8e724c59d7c0d3fb591fd21e3914d7d20248f77659233ad403515cd87cd
              • Instruction Fuzzy Hash: 6B41AF71A01318AFEB21CB64DC55F9ABBBDAB49700F1044DDF509AB181DBB09E85CF90
              Function 00BC1D9E Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 128filenetworkCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 351 bc1d9e-bc1dde 353 bc1de4-bc1de6 351->353 354 bc1ef5 351->354 355 bc1ded-bc1e34 GetTempPathA SetCurrentDirectoryA DeleteUrlCacheEntry CreateFileA 353->355 356 bc1de8 353->356 357 bc1ef7-bc1f07 call bc2d39 354->357 355->354 358 bc1e3a-bc1e4d 355->358 356->355 358->354 362 bc1e53-bc1e7a call bc68f0 358->362 365 bc1e80-bc1ed5 WriteFile call bc68f0 362->365 369 bc1edc-bc1ef3 CloseHandle 365->369 370 bc1ed7-bc1eda 365->370 369->354 369->357 370->365 370->369
              APIs
              • GetTempPathA.KERNEL32(00000100,?), ref: 00BC1DF9
              • SetCurrentDirectoryA.KERNEL32(?), ref: 00BC1E06
              • DeleteUrlCacheEntry.WININET ref: 00BC1E0D
              • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00BC1E29
              • URLOpenBlockingStreamA.URLMON(00000000,?,?,00000000,00000000), ref: 00BC1E45
              • _memset.LIBCMT ref: 00BC1E6C
              • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 00BC1EBB
              • _memset.LIBCMT ref: 00BC1ECB
              • CloseHandle.KERNEL32(00000000), ref: 00BC1EEB
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID: File_memset$BlockingCacheCloseCreateCurrentDeleteDirectoryEntryHandleOpenPathStreamTempWrite
              • String ID: P6u$sec.exe
              • API String ID: 1790114914-3636431342
              • Opcode ID: c1ccba18ab23218a248134a0818f3e78d84d2339d1bac67fb2cf2e985cc8c79a
              • Instruction ID: 45dbe7c53e3e96e193448f13701ff4f325817902eb1a0e033fb51b2ad2c441a0
              • Opcode Fuzzy Hash: c1ccba18ab23218a248134a0818f3e78d84d2339d1bac67fb2cf2e985cc8c79a
              • Instruction Fuzzy Hash: D3316275900118AFD710DB68DC80FEAB7BCEF49704F0485EDEA49E7141DE705E868BA0
              Function 00BC1DC0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 106filenetworkCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 372 bc1dc0-bc1dde 373 bc1de4-bc1de6 372->373 374 bc1ef5 372->374 375 bc1ded-bc1e34 GetTempPathA SetCurrentDirectoryA DeleteUrlCacheEntry CreateFileA 373->375 376 bc1de8 373->376 377 bc1ef7-bc1f07 call bc2d39 374->377 375->374 378 bc1e3a-bc1e4d 375->378 376->375 378->374 382 bc1e53-bc1e7a call bc68f0 378->382 385 bc1e80-bc1ed5 WriteFile call bc68f0 382->385 389 bc1edc-bc1ef3 CloseHandle 385->389 390 bc1ed7-bc1eda 385->390 389->374 389->377 390->385 390->389
              APIs
              • GetTempPathA.KERNEL32(00000100,?), ref: 00BC1DF9
              • SetCurrentDirectoryA.KERNEL32(?), ref: 00BC1E06
              • DeleteUrlCacheEntry.WININET ref: 00BC1E0D
              • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00BC1E29
              • URLOpenBlockingStreamA.URLMON(00000000,?,?,00000000,00000000), ref: 00BC1E45
              • _memset.LIBCMT ref: 00BC1E6C
              • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 00BC1EBB
              • _memset.LIBCMT ref: 00BC1ECB
              • CloseHandle.KERNEL32(00000000), ref: 00BC1EEB
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID: File_memset$BlockingCacheCloseCreateCurrentDeleteDirectoryEntryHandleOpenPathStreamTempWrite
              • String ID: P6u$sec.exe
              • API String ID: 1790114914-3636431342
              • Opcode ID: 098fea9655005450e9c30ad9fe6c5c1731608b79eff68893df48a6075cfe60d0
              • Instruction ID: 38efde4bbb249c8be082ea9a3e22509e2751265ec2d82569745fe2a596bedfa5
              • Opcode Fuzzy Hash: 098fea9655005450e9c30ad9fe6c5c1731608b79eff68893df48a6075cfe60d0
              • Instruction Fuzzy Hash: AB315072A00118AFD750DB68DC80FEAB7BCEB59704F0485EDEA49E7141DE705E468BA0
              Function 00BC1460 Relevance: 12.1, APIs: 8, Instructions: 98networkCOMMON
              Download Yara Rule
              APIs
              • gethostbyname.WS2_32(?), ref: 00BC1476
              • WSAGetLastError.WS2_32 ref: 00BC1482
              • socket.WS2_32(00000002,00000001,00000000), ref: 00BC14A0
              • htons.WS2_32(?), ref: 00BC14D6
              • connect.WS2_32(00000000,?,00000010), ref: 00BC14E7
              • closesocket.WS2_32(00000000), ref: 00BC14F3
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID: ErrorLastclosesocketconnectgethostbynamehtonssocket
              • String ID:
              • API String ID: 1599336672-0
              • Opcode ID: 389a3f0ad58a82dca8f5624b475f00d41ba3d57b87ed9f3376a1dc53421e75b9
              • Instruction ID: dda7d1710fa11f6f76ba2c43087cece819ae3e26b0696088514b1f61d851f8d7
              • Opcode Fuzzy Hash: 389a3f0ad58a82dca8f5624b475f00d41ba3d57b87ed9f3376a1dc53421e75b9
              • Instruction Fuzzy Hash: 5E316475A00118AFDB00DFA9DC45FEEBBB8EF5D310F10459AF919E7281DB705A048BA0
              Function 00BC5759 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMONLIBRARYCODE
              Download Yara Rule
              APIs
              • GetModuleHandleW.KERNEL32(KERNEL32.DLL,00BCE798,00000008,00BC5861,00000000,00000000,?,?,00BC4727,00BC2E8F,20141104,?,00BC182C,00000288), ref: 00BC576A
              • __lock.LIBCMT ref: 00BC579E
                • Part of subcall function 00BC8A6F: __mtinitlocknum.LIBCMT ref: 00BC8A85
                • Part of subcall function 00BC8A6F: __amsg_exit.LIBCMT ref: 00BC8A91
                • Part of subcall function 00BC8A6F: EnterCriticalSection.KERNEL32(?,?,?,00BC57A3,0000000D), ref: 00BC8A99
              • InterlockedIncrement.KERNEL32(00BD01C0), ref: 00BC57AB
              • __lock.LIBCMT ref: 00BC57BF
              • ___addlocaleref.LIBCMT ref: 00BC57DD
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
              • String ID: KERNEL32.DLL
              • API String ID: 637971194-2576044830
              • Opcode ID: 5ea04b478a464e07f486e9308973b52195d7e53e14f5afe75af4a94cc91500b6
              • Instruction ID: 24574e1a37052c5a8935c0dc135541c7c5bdc0ccd7747844ed9aac21bbcd2628
              • Opcode Fuzzy Hash: 5ea04b478a464e07f486e9308973b52195d7e53e14f5afe75af4a94cc91500b6
              • Instruction Fuzzy Hash: 93016175445B00DEE720AF69C806B09FBE0EF54320F10498EE49A976A1CFB4AA80CF15
              Function 00BC4EDC Relevance: 9.0, APIs: 6, Instructions: 47COMMONLIBRARYCODE
              Download Yara Rule
              APIs
              • __getptd.LIBCMT ref: 00BC4EE8
                • Part of subcall function 00BC5886: __getptd_noexit.LIBCMT ref: 00BC5889
                • Part of subcall function 00BC5886: __amsg_exit.LIBCMT ref: 00BC5896
              • __amsg_exit.LIBCMT ref: 00BC4F08
              • __lock.LIBCMT ref: 00BC4F18
              • InterlockedDecrement.KERNEL32(?), ref: 00BC4F35
              • _free.LIBCMT ref: 00BC4F48
              • InterlockedIncrement.KERNEL32(00BA1660), ref: 00BC4F60
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
              • String ID:
              • API String ID: 3470314060-0
              • Opcode ID: 83779f8fb66c292c2ff1a2489f8d9bffb1536ea228a5d36536acbb12cc227a81
              • Instruction ID: e8c4cc87e9c5cdf429fe2d386cfb50b7c8f5abaa937ab5100641f7a617b508b9
              • Opcode Fuzzy Hash: 83779f8fb66c292c2ff1a2489f8d9bffb1536ea228a5d36536acbb12cc227a81
              • Instruction Fuzzy Hash: 8F016D32901A219BE721AB299955F5DB7E0EB14720F0440DEF858A7291DF34AA80CFE5
              Function 00BC1F10 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 72processCOMMON
              Download Yara Rule
              APIs
              • GetTempPathA.KERNEL32(00000100,?), ref: 00BC1F31
              • _memset.LIBCMT ref: 00BC1F43
              • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000000,00000000,00000000,00000044,?), ref: 00BC1FAD
              • CloseHandle.KERNEL32(?,?,00000000,00000000,00000001,00000000,00000000,00000000,00000044,?), ref: 00BC1FD7
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID: CloseCreateHandlePathProcessTemp_memset
              • String ID: D
              • API String ID: 2237058899-2746444292
              • Opcode ID: e4de81157e87850984a069c41784537982933dfa53fa1e9af8b2d7655287031f
              • Instruction ID: 4930421867ca5b6ae49797058274e0bc2d15cf4378ce565898aae4ae51081faa
              • Opcode Fuzzy Hash: e4de81157e87850984a069c41784537982933dfa53fa1e9af8b2d7655287031f
              • Instruction Fuzzy Hash: 4C214571A4021C9BD764DF64DC42FDAB7F4EB58700F1041EDE60DE7180DA755E858B94
              Function 00BC565D Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE
              Download Yara Rule
              APIs
              • __getptd.LIBCMT ref: 00BC5669
                • Part of subcall function 00BC5886: __getptd_noexit.LIBCMT ref: 00BC5889
                • Part of subcall function 00BC5886: __amsg_exit.LIBCMT ref: 00BC5896
              • __getptd.LIBCMT ref: 00BC5680
              • __amsg_exit.LIBCMT ref: 00BC568E
              • __lock.LIBCMT ref: 00BC569E
              • __updatetlocinfoEx_nolock.LIBCMT ref: 00BC56B2
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
              • String ID:
              • API String ID: 938513278-0
              • Opcode ID: 856ba225b426ad2011a234651792d7feb9cf9a94e8d0605ba84ea1ba9f01a454
              • Instruction ID: 86497d7904cbcee917ea2865a9326ac2054352cea03ae6aa7530a4180b1f482d
              • Opcode Fuzzy Hash: 856ba225b426ad2011a234651792d7feb9cf9a94e8d0605ba84ea1ba9f01a454
              • Instruction Fuzzy Hash: 2AF09032956F109BE731BB789902F4D73D0AF10724F9041EEF4546B2D2DF6869808E69
              Function 00BC1899 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID: _sprintf$_free
              • String ID: %2.2X
              • API String ID: 371584759-791839006
              • Opcode ID: 2fb1c262e504c751909a8d105cca152aceb5dacc4721000c6f01fcd76a3c53e3
              • Instruction ID: d0e9a4ea35ff3d30ae52f5960f8ef6b90ea6a47ab3ea53f6184fbb7cd36bcfd8
              • Opcode Fuzzy Hash: 2fb1c262e504c751909a8d105cca152aceb5dacc4721000c6f01fcd76a3c53e3
              • Instruction Fuzzy Hash: 2D212E319042598BCB21CF68DCA1FEAB3F5EF56344F044DEDD9D9AB102D671DA498B80
              Function 00BCA3C9 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
              Download Yara Rule
              APIs
              • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00BCA3FD
              • __isleadbyte_l.LIBCMT ref: 00BCA430
              • MultiByteToWideChar.KERNEL32(0FF6850C,00000009,?,FFFFF890,00000000,00000000,?,?,?,00BC1937,?,00000000), ref: 00BCA461
              • MultiByteToWideChar.KERNEL32(0FF6850C,00000009,?,00000001,00000000,00000000,?,?,?,00BC1937,?,00000000), ref: 00BCA4CF
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
              • String ID:
              • API String ID: 3058430110-0
              • Opcode ID: 082cf1eb45a68f1adc3fe6bafde4b4529658217b5e65b7c618f19a396dbba3a2
              • Instruction ID: 18a84765b807cf72d1de9d57bf0dd624cc4dbaf813e819b399a56e92487f09e3
              • Opcode Fuzzy Hash: 082cf1eb45a68f1adc3fe6bafde4b4529658217b5e65b7c618f19a396dbba3a2
              • Instruction Fuzzy Hash: B931CE30A10289EFDB24DFA4C899FAE3BE4EF01319B1445EDE0609B291D770DD80DB52
              Function 00BC2910 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50stringCOMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1714040534.0000000000BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true
              • Associated: 00000000.00000002.1714021433.0000000000BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714076266.0000000000BCC000.00000002.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714111337.0000000000BD0000.00000004.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.1714142955.0000000000BD4000.00000002.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_bc0000_7rtK9LWbTc.jbxd
              Similarity
              • API ID: lstrcpy
              • String ID: >9:!>6;!>=<!98
              • API String ID: 3722407311-3495900054
              • Opcode ID: 9465410e7ed3c800fa80d7c8100a5bf44cfff372409e0209f89eb63013129792
              • Instruction ID: f6aa292ca476b631470c459ad30045cc4c4c152c80281eef5b10883edbda141d
              • Opcode Fuzzy Hash: 9465410e7ed3c800fa80d7c8100a5bf44cfff372409e0209f89eb63013129792
              • Instruction Fuzzy Hash: 5801D8715041565FDB254B28D894FBABBD5EB5A300F5C40FAE5868B212C6B2DC4187E1

              Execution Graph

              Execution Coverage:7.4%
              Dynamic/Decrypted Code Coverage:0%
              Signature Coverage:0%
              Total number of Nodes:1840
              Total number of Limit Nodes:14
              execution_graph 7588 f78317 7589 f78324 7588->7589 7590 f78554 __calloc_crt 64 API calls 7589->7590 7591 f7833e 7590->7591 7592 f78554 __calloc_crt 64 API calls 7591->7592 7593 f78357 7591->7593 7592->7593 7304 f73655 7305 f73664 7304->7305 7306 f7366a 7304->7306 7307 f74a22 _raise 64 API calls 7305->7307 7310 f74a47 7306->7310 7307->7306 7309 f7366f _doexit 7311 f748cc _doexit 64 API calls 7310->7311 7312 f74a52 7311->7312 7312->7309 7289 f76d73 7290 f78554 __calloc_crt 64 API calls 7289->7290 7291 f76d7f EncodePointer 7290->7291 7292 f76d98 7291->7292 5506 f73512 5546 f776a0 5506->5546 5508 f7351e GetStartupInfoW 5509 f73532 HeapSetInformation 5508->5509 5511 f7353d 5508->5511 5509->5511 5547 f7476b HeapCreate 5511->5547 5512 f7358b 5513 f73596 5512->5513 5661 f734e9 5512->5661 5548 f759cf GetModuleHandleW 5513->5548 5516 f7359c 5517 f735a7 __RTC_Initialize 5516->5517 5518 f734e9 _fast_error_exit 64 API calls 5516->5518 5573 f77404 GetStartupInfoW 5517->5573 5518->5517 5521 f735c1 GetCommandLineA 5586 f7736d GetEnvironmentStringsW 5521->5586 5528 f735e6 5612 f7703c 5528->5612 5529 f74a56 __amsg_exit 64 API calls 5529->5528 5531 f735ec 5532 f735f7 5531->5532 5533 f74a56 __amsg_exit 64 API calls 5531->5533 5632 f74835 5532->5632 5533->5532 5535 f735ff 5536 f7360a 5535->5536 5538 f74a56 __amsg_exit 64 API calls 5535->5538 5638 f76fdd 5536->5638 5538->5536 5542 f7363a 5679 f74a38 5542->5679 5545 f7363f _doexit 5546->5508 5547->5512 5549 f759e3 5548->5549 5550 f759ec GetProcAddress GetProcAddress GetProcAddress GetProcAddress 5548->5550 5682 f7571c 5549->5682 5551 f75a36 TlsAlloc 5550->5551 5555 f75b45 5551->5555 5556 f75a84 TlsSetValue 5551->5556 5555->5516 5556->5555 5557 f75a95 5556->5557 5692 f747de 5557->5692 5562 f75b40 5564 f7571c __mtterm 68 API calls 5562->5564 5563 f75add DecodePointer 5565 f75af2 5563->5565 5564->5555 5565->5562 5701 f78554 5565->5701 5568 f75b10 DecodePointer 5569 f75b21 5568->5569 5569->5562 5570 f75b25 5569->5570 5707 f75759 5570->5707 5572 f75b2d GetCurrentThreadId 5572->5555 5574 f78554 __calloc_crt 64 API calls 5573->5574 5576 f77422 5574->5576 5575 f735b5 5575->5521 5669 f74a56 5575->5669 5576->5575 5578 f78554 __calloc_crt 64 API calls 5576->5578 5580 f77597 5576->5580 5585 f77517 5576->5585 5577 f775cd GetStdHandle 5577->5580 5578->5576 5579 f77631 SetHandleCount 5579->5575 5580->5577 5580->5579 5581 f775df GetFileType 5580->5581 5584 f77605 InitializeCriticalSectionAndSpinCount 5580->5584 5581->5580 5582 f77543 GetFileType 5583 f7754e InitializeCriticalSectionAndSpinCount 5582->5583 5582->5585 5583->5575 5583->5585 5584->5575 5584->5580 5585->5580 5585->5582 5585->5583 5587 f735d1 5586->5587 5588 f77389 WideCharToMultiByte 5586->5588 5599 f772b2 5587->5599 5590 f773f6 FreeEnvironmentStringsW 5588->5590 5591 f773be 5588->5591 5590->5587 5592 f7850f __malloc_crt 64 API calls 5591->5592 5593 f773c4 5592->5593 5593->5590 5594 f773cc WideCharToMultiByte 5593->5594 5595 f773de 5594->5595 5596 f773ea FreeEnvironmentStringsW 5594->5596 5597 f72dcc _free 64 API calls 5595->5597 5596->5587 5598 f773e6 5597->5598 5598->5596 5600 f772c7 5599->5600 5601 f772cc GetModuleFileNameA 5599->5601 5952 f7537f 5600->5952 5603 f772f3 5601->5603 5946 f77118 5603->5946 5606 f735db 5606->5528 5606->5529 5607 f7732f 5608 f7850f __malloc_crt 64 API calls 5607->5608 5609 f77335 5608->5609 5609->5606 5610 f77118 _parse_cmdline 74 API calls 5609->5610 5611 f7734f 5610->5611 5611->5606 5613 f77045 5612->5613 5615 f7704a _strlen 5612->5615 5614 f7537f ___initmbctable 92 API calls 5613->5614 5614->5615 5616 f78554 __calloc_crt 64 API calls 5615->5616 5619 f77058 5615->5619 5621 f7707f _strlen 5616->5621 5617 f770ce 5618 f72dcc _free 64 API calls 5617->5618 5618->5619 5619->5531 5620 f78554 __calloc_crt 64 API calls 5620->5621 5621->5617 5621->5619 5621->5620 5622 f770f4 5621->5622 5625 f7710b 5621->5625 6393 f7992b 5621->6393 5623 f72dcc _free 64 API calls 5622->5623 5623->5619 5626 f7467e __invoke_watson 10 API calls 5625->5626 5628 f77117 5626->5628 5627 f7a064 __wincmdln 74 API calls 5627->5628 5628->5627 5630 f771a4 5628->5630 5629 f772a2 5629->5531 5630->5629 5631 f7a064 74 API calls __wincmdln 5630->5631 5631->5630 5634 f74843 __IsNonwritableInCurrentImage 5632->5634 6402 f784ec 5634->6402 5635 f74861 __initterm_e 5637 f74882 __IsNonwritableInCurrentImage 5635->5637 6405 f76de0 5635->6405 5637->5535 5639 f76feb 5638->5639 5642 f76ff0 5638->5642 5640 f7537f ___initmbctable 92 API calls 5639->5640 5640->5642 5641 f73610 5644 f72c50 GetCommandLineA 5641->5644 5642->5641 5643 f7a064 __wincmdln 74 API calls 5642->5643 5643->5642 6470 f71ca0 lstrlenA GlobalAlloc 5644->6470 5649 f72cff OpenMutexA 5652 f72cf7 ExitProcess 5649->5652 5653 f72d17 CreateMutexA 5649->5653 5650 f72c9c wsprintfA 6493 f72a50 GetModuleFileNameA lstrcpyA 5650->6493 6478 f727e0 WSAStartup 5653->6478 5656 f72cd1 5657 f72cde ShellExecuteA 5656->5657 5657->5652 5659 f72d39 __write_nolock 5 API calls 5660 f72d33 5659->5660 5660->5542 5676 f74a0c 5660->5676 5662 f734f7 5661->5662 5663 f734fc 5661->5663 5664 f74c49 __FF_MSGBANNER 64 API calls 5662->5664 5665 f74a9a __NMSG_WRITE 64 API calls 5663->5665 5664->5663 5666 f73504 5665->5666 5667 f747b4 _doexit 3 API calls 5666->5667 5668 f7350e 5667->5668 5668->5513 5670 f74c49 __FF_MSGBANNER 64 API calls 5669->5670 5671 f74a60 5670->5671 5672 f74a9a __NMSG_WRITE 64 API calls 5671->5672 5673 f74a68 5672->5673 7256 f74a22 5673->7256 5677 f748cc _doexit 64 API calls 5676->5677 5678 f74a1d 5677->5678 5678->5542 5680 f748cc _doexit 64 API calls 5679->5680 5681 f74a43 5680->5681 5681->5545 5683 f75726 DecodePointer 5682->5683 5685 f75735 5682->5685 5683->5685 5684 f75746 TlsFree 5686 f75754 5684->5686 5685->5684 5685->5686 5687 f78973 5686->5687 5688 f7895b DeleteCriticalSection 5686->5688 5690 f78985 DeleteCriticalSection 5687->5690 5691 f759e8 5687->5691 5720 f72dcc 5688->5720 5690->5687 5691->5516 5746 f756d6 EncodePointer 5692->5746 5694 f747e6 __init_pointers __initp_misc_winsig 5747 f78adb EncodePointer 5694->5747 5696 f7480c EncodePointer EncodePointer EncodePointer EncodePointer 5697 f788f5 5696->5697 5698 f78900 5697->5698 5699 f7890a InitializeCriticalSectionAndSpinCount 5698->5699 5700 f75ad9 5698->5700 5699->5698 5699->5700 5700->5562 5700->5563 5703 f7855d 5701->5703 5704 f75b08 5703->5704 5705 f7857b Sleep 5703->5705 5748 f7a763 5703->5748 5704->5562 5704->5568 5706 f78590 5705->5706 5706->5703 5706->5704 5758 f776a0 5707->5758 5709 f75765 GetModuleHandleW 5759 f78a6f 5709->5759 5711 f757a3 InterlockedIncrement 5766 f757fb 5711->5766 5714 f78a6f __lock 62 API calls 5715 f757c4 5714->5715 5769 f7539d InterlockedIncrement 5715->5769 5717 f757e2 5781 f75804 5717->5781 5719 f757ef _doexit 5719->5572 5721 f72dd7 HeapFree 5720->5721 5722 f72e00 _free 5720->5722 5721->5722 5723 f72dec 5721->5723 5722->5686 5726 f74722 5723->5726 5729 f7580d GetLastError 5726->5729 5728 f72df2 GetLastError 5728->5722 5743 f756e8 TlsGetValue 5729->5743 5732 f7587a SetLastError 5732->5728 5733 f78554 __calloc_crt 60 API calls 5734 f75838 5733->5734 5734->5732 5735 f75840 DecodePointer 5734->5735 5736 f75855 5735->5736 5737 f75871 5736->5737 5738 f75859 5736->5738 5740 f72dcc _free 60 API calls 5737->5740 5739 f75759 __getptd_noexit 60 API calls 5738->5739 5741 f75861 GetCurrentThreadId 5739->5741 5742 f75877 5740->5742 5741->5732 5742->5732 5744 f756fd DecodePointer TlsSetValue 5743->5744 5745 f75718 5743->5745 5744->5745 5745->5732 5745->5733 5746->5694 5747->5696 5749 f7a76f 5748->5749 5752 f7a78a 5748->5752 5750 f7a77b 5749->5750 5749->5752 5751 f74722 _free 64 API calls 5750->5751 5753 f7a780 5751->5753 5755 f7a7c4 5752->5755 5756 f74c91 DecodePointer 5752->5756 5753->5703 5755->5703 5757 f74ca6 5756->5757 5757->5752 5758->5709 5760 f78a97 EnterCriticalSection 5759->5760 5761 f78a84 5759->5761 5760->5711 5784 f789ad 5761->5784 5763 f78a8a 5763->5760 5764 f74a56 __amsg_exit 63 API calls 5763->5764 5765 f78a96 5764->5765 5765->5760 5944 f78996 LeaveCriticalSection 5766->5944 5768 f757bd 5768->5714 5770 f753be 5769->5770 5771 f753bb InterlockedIncrement 5769->5771 5772 f753cb 5770->5772 5773 f753c8 InterlockedIncrement 5770->5773 5771->5770 5774 f753d5 InterlockedIncrement 5772->5774 5775 f753d8 5772->5775 5773->5772 5774->5775 5776 f753e2 InterlockedIncrement 5775->5776 5778 f753e5 5775->5778 5776->5778 5777 f753fe InterlockedIncrement 5777->5778 5778->5777 5779 f75419 InterlockedIncrement 5778->5779 5780 f7540e InterlockedIncrement 5778->5780 5779->5717 5780->5778 5945 f78996 LeaveCriticalSection 5781->5945 5783 f7580b 5783->5719 5785 f789b9 _doexit 5784->5785 5786 f789df 5785->5786 5809 f74c49 5785->5809 5794 f789ef _doexit 5786->5794 5845 f7850f 5786->5845 5792 f78a01 5797 f74722 _free 63 API calls 5792->5797 5793 f78a10 5798 f78a6f __lock 63 API calls 5793->5798 5794->5763 5797->5794 5799 f78a17 5798->5799 5800 f78a1f InitializeCriticalSectionAndSpinCount 5799->5800 5801 f78a4a 5799->5801 5803 f78a3b 5800->5803 5804 f78a2f 5800->5804 5802 f72dcc _free 63 API calls 5801->5802 5802->5803 5850 f78a66 5803->5850 5805 f72dcc _free 63 API calls 5804->5805 5806 f78a35 5805->5806 5808 f74722 _free 63 API calls 5806->5808 5808->5803 5853 f79188 5809->5853 5811 f74c50 5813 f79188 __FF_MSGBANNER 64 API calls 5811->5813 5815 f74c5d 5811->5815 5812 f74a9a __NMSG_WRITE 64 API calls 5814 f74c75 5812->5814 5813->5815 5817 f74a9a __NMSG_WRITE 64 API calls 5814->5817 5815->5812 5816 f74c7f 5815->5816 5818 f74a9a 5816->5818 5817->5816 5819 f74abb __NMSG_WRITE 5818->5819 5821 f79188 __FF_MSGBANNER 61 API calls 5819->5821 5841 f74bd7 5819->5841 5823 f74ad5 5821->5823 5822 f74c47 5842 f747b4 5822->5842 5824 f74be6 GetStdHandle 5823->5824 5825 f79188 __FF_MSGBANNER 61 API calls 5823->5825 5828 f74bf4 _strlen 5824->5828 5824->5841 5826 f74ae6 5825->5826 5826->5824 5827 f74af8 5826->5827 5827->5841 5878 f79125 5827->5878 5831 f74c2a WriteFile 5828->5831 5828->5841 5831->5841 5832 f74b24 GetModuleFileNameW 5833 f74b45 5832->5833 5837 f74b51 _wcslen 5832->5837 5834 f79125 __NMSG_WRITE 61 API calls 5833->5834 5834->5837 5835 f7467e __invoke_watson 10 API calls 5835->5837 5836 f78fc8 61 API calls __NMSG_WRITE 5836->5837 5837->5835 5837->5836 5839 f74bc7 5837->5839 5887 f7903d 5837->5887 5896 f78e5c 5839->5896 5914 f72d39 5841->5914 5924 f74789 GetModuleHandleW 5842->5924 5849 f78518 5845->5849 5847 f7854e 5847->5792 5847->5793 5848 f7852f Sleep 5848->5849 5849->5847 5849->5848 5927 f72e06 5849->5927 5943 f78996 LeaveCriticalSection 5850->5943 5852 f78a6d 5852->5794 5854 f79194 5853->5854 5855 f7919e 5854->5855 5856 f74722 _free 64 API calls 5854->5856 5855->5811 5857 f791b7 5856->5857 5860 f746d0 5857->5860 5863 f746a3 DecodePointer 5860->5863 5864 f746b8 5863->5864 5869 f7467e 5864->5869 5866 f746cf 5867 f746a3 __fclose_nolock 10 API calls 5866->5867 5868 f746dc 5867->5868 5868->5811 5872 f74555 5869->5872 5873 f74574 _memset __call_reportfault 5872->5873 5874 f74592 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 5873->5874 5876 f74660 __call_reportfault 5874->5876 5875 f72d39 __write_nolock 5 API calls 5877 f7467c GetCurrentProcess TerminateProcess 5875->5877 5876->5875 5877->5866 5879 f79133 5878->5879 5880 f7913a 5878->5880 5879->5880 5884 f7915b 5879->5884 5881 f74722 _free 64 API calls 5880->5881 5882 f7913f 5881->5882 5883 f746d0 __fclose_nolock 11 API calls 5882->5883 5885 f74b19 5883->5885 5884->5885 5886 f74722 _free 64 API calls 5884->5886 5885->5832 5885->5837 5886->5882 5888 f7904f 5887->5888 5890 f79058 5888->5890 5891 f79053 5888->5891 5893 f79096 5888->5893 5889 f74722 _free 64 API calls 5895 f7906f 5889->5895 5890->5837 5891->5889 5891->5890 5892 f746d0 __fclose_nolock 11 API calls 5892->5890 5893->5890 5894 f74722 _free 64 API calls 5893->5894 5894->5895 5895->5892 5922 f756d6 EncodePointer 5896->5922 5898 f78e82 5899 f78e92 LoadLibraryW 5898->5899 5900 f78f0f 5898->5900 5901 f78fa7 5899->5901 5902 f78ea7 GetProcAddress 5899->5902 5906 f78f29 DecodePointer DecodePointer 5900->5906 5910 f78f3c 5900->5910 5907 f72d39 __write_nolock 5 API calls 5901->5907 5902->5901 5905 f78ebd 7 API calls 5902->5905 5903 f78f72 DecodePointer 5904 f78f9b DecodePointer 5903->5904 5908 f78f79 5903->5908 5904->5901 5905->5900 5909 f78eff GetProcAddress EncodePointer 5905->5909 5906->5910 5911 f78fc6 5907->5911 5908->5904 5913 f78f8c DecodePointer 5908->5913 5909->5900 5910->5903 5910->5904 5912 f78f5f 5910->5912 5911->5841 5912->5904 5913->5904 5913->5912 5915 f72d43 IsDebuggerPresent 5914->5915 5916 f72d41 5914->5916 5923 f7792a 5915->5923 5916->5822 5919 f73756 SetUnhandledExceptionFilter UnhandledExceptionFilter 5920 f7377b GetCurrentProcess TerminateProcess 5919->5920 5921 f73773 __call_reportfault 5919->5921 5920->5822 5921->5920 5922->5898 5923->5919 5925 f747ad ExitProcess 5924->5925 5926 f7479d GetProcAddress 5924->5926 5926->5925 5928 f72e83 5927->5928 5932 f72e14 5927->5932 5929 f74c91 _malloc DecodePointer 5928->5929 5930 f72e89 5929->5930 5933 f74722 _free 64 API calls 5930->5933 5931 f74c49 __FF_MSGBANNER 64 API calls 5936 f72e1f 5931->5936 5934 f72e7b 5932->5934 5932->5936 5938 f72e6f 5932->5938 5939 f74c91 _malloc DecodePointer 5932->5939 5941 f72e6d 5932->5941 5933->5934 5934->5849 5935 f74a9a __NMSG_WRITE 64 API calls 5935->5936 5936->5931 5936->5932 5936->5935 5937 f747b4 _doexit 3 API calls 5936->5937 5937->5936 5940 f74722 _free 64 API calls 5938->5940 5939->5932 5940->5941 5942 f74722 _free 64 API calls 5941->5942 5942->5934 5943->5852 5944->5768 5945->5783 5948 f77137 5946->5948 5950 f771a4 5948->5950 5956 f7a064 5948->5956 5949 f772a2 5949->5606 5949->5607 5950->5949 5951 f7a064 74 API calls __wincmdln 5950->5951 5951->5950 5953 f7538f 5952->5953 5954 f75388 5952->5954 5953->5601 6280 f751e5 5954->6280 5959 f7a011 5956->5959 5962 f72e9a 5959->5962 5963 f72ead 5962->5963 5969 f72efa 5962->5969 5970 f75886 5963->5970 5966 f72eda 5966->5969 5990 f74edc 5966->5990 5969->5948 5971 f7580d __getptd_noexit 64 API calls 5970->5971 5972 f7588e 5971->5972 5973 f72eb2 5972->5973 5974 f74a56 __amsg_exit 64 API calls 5972->5974 5973->5966 5975 f7565d 5973->5975 5974->5973 5976 f75669 _doexit 5975->5976 5977 f75886 __getptd 64 API calls 5976->5977 5978 f7566e 5977->5978 5979 f7569c 5978->5979 5980 f75680 5978->5980 5981 f78a6f __lock 64 API calls 5979->5981 5982 f75886 __getptd 64 API calls 5980->5982 5983 f756a3 5981->5983 5984 f75685 5982->5984 6006 f75610 5983->6006 5988 f74a56 __amsg_exit 64 API calls 5984->5988 5989 f75693 _doexit 5984->5989 5988->5989 5989->5966 5991 f74ee8 _doexit 5990->5991 5992 f75886 __getptd 64 API calls 5991->5992 5993 f74eed 5992->5993 5994 f78a6f __lock 64 API calls 5993->5994 5995 f74eff 5993->5995 5996 f74f1d 5994->5996 5998 f74f0d _doexit 5995->5998 6002 f74a56 __amsg_exit 64 API calls 5995->6002 5997 f74f66 5996->5997 5999 f74f34 InterlockedDecrement 5996->5999 6000 f74f4e InterlockedIncrement 5996->6000 6276 f74f77 5997->6276 5998->5969 5999->6000 6003 f74f3f 5999->6003 6000->5997 6002->5998 6003->6000 6004 f72dcc _free 64 API calls 6003->6004 6005 f74f4d 6004->6005 6005->6000 6007 f75652 6006->6007 6008 f7561d 6006->6008 6014 f756ca 6007->6014 6008->6007 6009 f7539d ___addlocaleref 8 API calls 6008->6009 6010 f75633 6009->6010 6010->6007 6017 f7542c 6010->6017 6275 f78996 LeaveCriticalSection 6014->6275 6016 f756d1 6016->5984 6018 f754c0 6017->6018 6019 f7543d InterlockedDecrement 6017->6019 6018->6007 6031 f754c5 6018->6031 6020 f75455 6019->6020 6021 f75452 InterlockedDecrement 6019->6021 6022 f75462 6020->6022 6023 f7545f InterlockedDecrement 6020->6023 6021->6020 6024 f7546f 6022->6024 6025 f7546c InterlockedDecrement 6022->6025 6023->6022 6026 f75479 InterlockedDecrement 6024->6026 6028 f7547c 6024->6028 6025->6024 6026->6028 6027 f75495 InterlockedDecrement 6027->6028 6028->6027 6029 f754a5 InterlockedDecrement 6028->6029 6030 f754b0 InterlockedDecrement 6028->6030 6029->6028 6030->6018 6032 f75549 6031->6032 6034 f754dc 6031->6034 6033 f75596 6032->6033 6035 f72dcc _free 64 API calls 6032->6035 6045 f755bf 6033->6045 6101 f792ee 6033->6101 6034->6032 6042 f72dcc _free 64 API calls 6034->6042 6044 f75510 6034->6044 6037 f7556a 6035->6037 6039 f72dcc _free 64 API calls 6037->6039 6046 f7557d 6039->6046 6040 f72dcc _free 64 API calls 6047 f7553e 6040->6047 6041 f72dcc _free 64 API calls 6041->6045 6048 f75505 6042->6048 6043 f75604 6049 f72dcc _free 64 API calls 6043->6049 6050 f72dcc _free 64 API calls 6044->6050 6060 f75531 6044->6060 6045->6043 6051 f72dcc 64 API calls _free 6045->6051 6052 f72dcc _free 64 API calls 6046->6052 6053 f72dcc _free 64 API calls 6047->6053 6061 f796ce 6048->6061 6055 f7560a 6049->6055 6056 f75526 6050->6056 6051->6045 6057 f7558b 6052->6057 6053->6032 6055->6007 6089 f79665 6056->6089 6059 f72dcc _free 64 API calls 6057->6059 6059->6033 6060->6040 6062 f796df 6061->6062 6063 f797c8 6061->6063 6064 f796f0 6062->6064 6065 f72dcc _free 64 API calls 6062->6065 6063->6044 6066 f79702 6064->6066 6067 f72dcc _free 64 API calls 6064->6067 6065->6064 6068 f79714 6066->6068 6069 f72dcc _free 64 API calls 6066->6069 6067->6066 6070 f79726 6068->6070 6071 f72dcc _free 64 API calls 6068->6071 6069->6068 6072 f79738 6070->6072 6073 f72dcc _free 64 API calls 6070->6073 6071->6070 6074 f7974a 6072->6074 6075 f72dcc _free 64 API calls 6072->6075 6073->6072 6076 f7975c 6074->6076 6077 f72dcc _free 64 API calls 6074->6077 6075->6074 6078 f7976e 6076->6078 6079 f72dcc _free 64 API calls 6076->6079 6077->6076 6080 f79780 6078->6080 6081 f72dcc _free 64 API calls 6078->6081 6079->6078 6082 f79792 6080->6082 6083 f72dcc _free 64 API calls 6080->6083 6081->6080 6084 f797a4 6082->6084 6085 f72dcc _free 64 API calls 6082->6085 6083->6082 6086 f797b6 6084->6086 6087 f72dcc _free 64 API calls 6084->6087 6085->6084 6086->6063 6088 f72dcc _free 64 API calls 6086->6088 6087->6086 6088->6063 6090 f79672 6089->6090 6100 f796ca 6089->6100 6091 f79682 6090->6091 6092 f72dcc _free 64 API calls 6090->6092 6093 f79694 6091->6093 6094 f72dcc _free 64 API calls 6091->6094 6092->6091 6095 f796a6 6093->6095 6097 f72dcc _free 64 API calls 6093->6097 6094->6093 6096 f796b8 6095->6096 6098 f72dcc _free 64 API calls 6095->6098 6099 f72dcc _free 64 API calls 6096->6099 6096->6100 6097->6095 6098->6096 6099->6100 6100->6060 6102 f755b4 6101->6102 6103 f792ff 6101->6103 6102->6041 6104 f72dcc _free 64 API calls 6103->6104 6105 f79307 6104->6105 6106 f72dcc _free 64 API calls 6105->6106 6107 f7930f 6106->6107 6108 f72dcc _free 64 API calls 6107->6108 6109 f79317 6108->6109 6110 f72dcc _free 64 API calls 6109->6110 6111 f7931f 6110->6111 6112 f72dcc _free 64 API calls 6111->6112 6113 f79327 6112->6113 6114 f72dcc _free 64 API calls 6113->6114 6115 f7932f 6114->6115 6116 f72dcc _free 64 API calls 6115->6116 6117 f79336 6116->6117 6118 f72dcc _free 64 API calls 6117->6118 6119 f7933e 6118->6119 6120 f72dcc _free 64 API calls 6119->6120 6121 f79346 6120->6121 6122 f72dcc _free 64 API calls 6121->6122 6123 f7934e 6122->6123 6124 f72dcc _free 64 API calls 6123->6124 6125 f79356 6124->6125 6126 f72dcc _free 64 API calls 6125->6126 6127 f7935e 6126->6127 6128 f72dcc _free 64 API calls 6127->6128 6129 f79366 6128->6129 6130 f72dcc _free 64 API calls 6129->6130 6131 f7936e 6130->6131 6132 f72dcc _free 64 API calls 6131->6132 6133 f79376 6132->6133 6134 f72dcc _free 64 API calls 6133->6134 6135 f7937e 6134->6135 6136 f72dcc _free 64 API calls 6135->6136 6137 f79389 6136->6137 6138 f72dcc _free 64 API calls 6137->6138 6139 f79391 6138->6139 6140 f72dcc _free 64 API calls 6139->6140 6141 f79399 6140->6141 6142 f72dcc _free 64 API calls 6141->6142 6143 f793a1 6142->6143 6144 f72dcc _free 64 API calls 6143->6144 6145 f793a9 6144->6145 6146 f72dcc _free 64 API calls 6145->6146 6147 f793b1 6146->6147 6148 f72dcc _free 64 API calls 6147->6148 6149 f793b9 6148->6149 6150 f72dcc _free 64 API calls 6149->6150 6151 f793c1 6150->6151 6152 f72dcc _free 64 API calls 6151->6152 6153 f793c9 6152->6153 6154 f72dcc _free 64 API calls 6153->6154 6155 f793d1 6154->6155 6156 f72dcc _free 64 API calls 6155->6156 6157 f793d9 6156->6157 6158 f72dcc _free 64 API calls 6157->6158 6159 f793e1 6158->6159 6160 f72dcc _free 64 API calls 6159->6160 6161 f793e9 6160->6161 6162 f72dcc _free 64 API calls 6161->6162 6163 f793f1 6162->6163 6164 f72dcc _free 64 API calls 6163->6164 6165 f793f9 6164->6165 6166 f72dcc _free 64 API calls 6165->6166 6167 f79401 6166->6167 6168 f72dcc _free 64 API calls 6167->6168 6169 f7940f 6168->6169 6170 f72dcc _free 64 API calls 6169->6170 6171 f7941a 6170->6171 6172 f72dcc _free 64 API calls 6171->6172 6173 f79425 6172->6173 6174 f72dcc _free 64 API calls 6173->6174 6175 f79430 6174->6175 6176 f72dcc _free 64 API calls 6175->6176 6177 f7943b 6176->6177 6178 f72dcc _free 64 API calls 6177->6178 6179 f79446 6178->6179 6180 f72dcc _free 64 API calls 6179->6180 6181 f79451 6180->6181 6182 f72dcc _free 64 API calls 6181->6182 6183 f7945c 6182->6183 6184 f72dcc _free 64 API calls 6183->6184 6185 f79467 6184->6185 6186 f72dcc _free 64 API calls 6185->6186 6187 f79472 6186->6187 6188 f72dcc _free 64 API calls 6187->6188 6189 f7947d 6188->6189 6190 f72dcc _free 64 API calls 6189->6190 6191 f79488 6190->6191 6192 f72dcc _free 64 API calls 6191->6192 6193 f79493 6192->6193 6194 f72dcc _free 64 API calls 6193->6194 6195 f7949e 6194->6195 6196 f72dcc _free 64 API calls 6195->6196 6197 f794a9 6196->6197 6198 f72dcc _free 64 API calls 6197->6198 6199 f794b4 6198->6199 6200 f72dcc _free 64 API calls 6199->6200 6201 f794c2 6200->6201 6202 f72dcc _free 64 API calls 6201->6202 6203 f794cd 6202->6203 6204 f72dcc _free 64 API calls 6203->6204 6205 f794d8 6204->6205 6206 f72dcc _free 64 API calls 6205->6206 6207 f794e3 6206->6207 6208 f72dcc _free 64 API calls 6207->6208 6209 f794ee 6208->6209 6210 f72dcc _free 64 API calls 6209->6210 6211 f794f9 6210->6211 6212 f72dcc _free 64 API calls 6211->6212 6213 f79504 6212->6213 6214 f72dcc _free 64 API calls 6213->6214 6215 f7950f 6214->6215 6216 f72dcc _free 64 API calls 6215->6216 6217 f7951a 6216->6217 6218 f72dcc _free 64 API calls 6217->6218 6219 f79525 6218->6219 6220 f72dcc _free 64 API calls 6219->6220 6221 f79530 6220->6221 6222 f72dcc _free 64 API calls 6221->6222 6223 f7953b 6222->6223 6224 f72dcc _free 64 API calls 6223->6224 6225 f79546 6224->6225 6226 f72dcc _free 64 API calls 6225->6226 6227 f79551 6226->6227 6228 f72dcc _free 64 API calls 6227->6228 6229 f7955c 6228->6229 6230 f72dcc _free 64 API calls 6229->6230 6231 f79567 6230->6231 6232 f72dcc _free 64 API calls 6231->6232 6233 f79575 6232->6233 6234 f72dcc _free 64 API calls 6233->6234 6235 f79580 6234->6235 6236 f72dcc _free 64 API calls 6235->6236 6237 f7958b 6236->6237 6238 f72dcc _free 64 API calls 6237->6238 6239 f79596 6238->6239 6240 f72dcc _free 64 API calls 6239->6240 6241 f795a1 6240->6241 6242 f72dcc _free 64 API calls 6241->6242 6243 f795ac 6242->6243 6244 f72dcc _free 64 API calls 6243->6244 6245 f795b7 6244->6245 6246 f72dcc _free 64 API calls 6245->6246 6247 f795c2 6246->6247 6248 f72dcc _free 64 API calls 6247->6248 6249 f795cd 6248->6249 6250 f72dcc _free 64 API calls 6249->6250 6251 f795d8 6250->6251 6252 f72dcc _free 64 API calls 6251->6252 6253 f795e3 6252->6253 6254 f72dcc _free 64 API calls 6253->6254 6255 f795ee 6254->6255 6256 f72dcc _free 64 API calls 6255->6256 6257 f795f9 6256->6257 6258 f72dcc _free 64 API calls 6257->6258 6259 f79604 6258->6259 6260 f72dcc _free 64 API calls 6259->6260 6261 f7960f 6260->6261 6262 f72dcc _free 64 API calls 6261->6262 6263 f7961a 6262->6263 6264 f72dcc _free 64 API calls 6263->6264 6265 f79628 6264->6265 6266 f72dcc _free 64 API calls 6265->6266 6267 f79633 6266->6267 6268 f72dcc _free 64 API calls 6267->6268 6269 f7963e 6268->6269 6270 f72dcc _free 64 API calls 6269->6270 6271 f79649 6270->6271 6272 f72dcc _free 64 API calls 6271->6272 6273 f79654 6272->6273 6274 f72dcc _free 64 API calls 6273->6274 6274->6102 6275->6016 6279 f78996 LeaveCriticalSection 6276->6279 6278 f74f7e 6278->5995 6279->6278 6281 f751f1 _doexit 6280->6281 6282 f75886 __getptd 64 API calls 6281->6282 6283 f751fa 6282->6283 6284 f74edc _LocaleUpdate::_LocaleUpdate 66 API calls 6283->6284 6285 f75204 6284->6285 6311 f74f80 6285->6311 6288 f7850f __malloc_crt 64 API calls 6289 f75225 6288->6289 6290 f75344 _doexit 6289->6290 6318 f74ffc 6289->6318 6290->5953 6293 f75255 InterlockedDecrement 6295 f75276 InterlockedIncrement 6293->6295 6296 f75265 6293->6296 6294 f75351 6294->6290 6298 f75364 6294->6298 6301 f72dcc _free 64 API calls 6294->6301 6295->6290 6297 f7528c 6295->6297 6296->6295 6300 f72dcc _free 64 API calls 6296->6300 6297->6290 6303 f78a6f __lock 64 API calls 6297->6303 6299 f74722 _free 64 API calls 6298->6299 6299->6290 6302 f75275 6300->6302 6301->6298 6302->6295 6305 f752a0 InterlockedDecrement 6303->6305 6306 f7532f InterlockedIncrement 6305->6306 6307 f7531c 6305->6307 6328 f75346 6306->6328 6307->6306 6309 f72dcc _free 64 API calls 6307->6309 6310 f7532e 6309->6310 6310->6306 6312 f72e9a _LocaleUpdate::_LocaleUpdate 74 API calls 6311->6312 6313 f74f94 6312->6313 6314 f74f9f GetOEMCP 6313->6314 6315 f74fbd 6313->6315 6316 f74faf 6314->6316 6315->6316 6317 f74fc2 GetACP 6315->6317 6316->6288 6316->6290 6317->6316 6319 f74f80 getSystemCP 76 API calls 6318->6319 6321 f7501c 6319->6321 6320 f75027 setSBCS 6322 f72d39 __write_nolock 5 API calls 6320->6322 6321->6320 6324 f7506b IsValidCodePage 6321->6324 6327 f75090 _memset __setmbcp_nolock 6321->6327 6323 f751e3 6322->6323 6323->6293 6323->6294 6324->6320 6325 f7507d GetCPInfo 6324->6325 6325->6320 6325->6327 6331 f74d4c GetCPInfo 6327->6331 6392 f78996 LeaveCriticalSection 6328->6392 6330 f7534d 6330->6290 6332 f74d80 _memset 6331->6332 6333 f74e34 6331->6333 6341 f792ae 6332->6341 6336 f72d39 __write_nolock 5 API calls 6333->6336 6339 f74eda 6336->6339 6339->6327 6340 f75d51 ___crtLCMapStringA 80 API calls 6340->6333 6342 f72e9a _LocaleUpdate::_LocaleUpdate 74 API calls 6341->6342 6343 f792c1 6342->6343 6351 f791c7 6343->6351 6346 f75d51 6347 f72e9a _LocaleUpdate::_LocaleUpdate 74 API calls 6346->6347 6348 f75d64 6347->6348 6368 f75b6a 6348->6368 6352 f791e5 6351->6352 6353 f791f0 MultiByteToWideChar 6351->6353 6352->6353 6355 f7921d 6353->6355 6363 f79219 6353->6363 6354 f72d39 __write_nolock 5 API calls 6356 f74def 6354->6356 6357 f72e06 _malloc 64 API calls 6355->6357 6361 f79232 _memset __crtGetStringTypeA_stat 6355->6361 6356->6346 6357->6361 6358 f7926b MultiByteToWideChar 6359 f79292 6358->6359 6360 f79281 GetStringTypeW 6358->6360 6364 f75b4a 6359->6364 6360->6359 6361->6358 6361->6363 6363->6354 6365 f75b56 6364->6365 6367 f75b67 6364->6367 6366 f72dcc _free 64 API calls 6365->6366 6365->6367 6366->6367 6367->6363 6370 f75b88 MultiByteToWideChar 6368->6370 6371 f75be6 6370->6371 6375 f75bed 6370->6375 6372 f72d39 __write_nolock 5 API calls 6371->6372 6374 f74e0f 6372->6374 6373 f75c3a MultiByteToWideChar 6376 f75c53 LCMapStringW 6373->6376 6389 f75d32 6373->6389 6374->6340 6377 f72e06 _malloc 64 API calls 6375->6377 6380 f75c06 __crtGetStringTypeA_stat 6375->6380 6379 f75c72 6376->6379 6376->6389 6377->6380 6378 f75b4a __freea 64 API calls 6378->6371 6381 f75ca5 6379->6381 6382 f75c7c 6379->6382 6380->6371 6380->6373 6385 f72e06 _malloc 64 API calls 6381->6385 6390 f75cc0 __crtGetStringTypeA_stat 6381->6390 6383 f75c90 LCMapStringW 6382->6383 6382->6389 6383->6389 6384 f75cf4 LCMapStringW 6386 f75d2c 6384->6386 6387 f75d0a WideCharToMultiByte 6384->6387 6385->6390 6388 f75b4a __freea 64 API calls 6386->6388 6387->6386 6388->6389 6389->6378 6390->6384 6390->6389 6392->6330 6394 f79940 6393->6394 6395 f79939 6393->6395 6396 f74722 _free 64 API calls 6394->6396 6395->6394 6400 f7995e 6395->6400 6397 f79945 6396->6397 6398 f746d0 __fclose_nolock 11 API calls 6397->6398 6399 f7994f 6398->6399 6399->5621 6400->6399 6401 f74722 _free 64 API calls 6400->6401 6401->6397 6403 f784f2 EncodePointer 6402->6403 6403->6403 6404 f7850c 6403->6404 6404->5635 6408 f76da4 6405->6408 6407 f76ded 6407->5637 6409 f76db0 _doexit 6408->6409 6416 f747cc 6409->6416 6415 f76dd1 _doexit 6415->6407 6417 f78a6f __lock 64 API calls 6416->6417 6418 f747d3 6417->6418 6419 f76cbd DecodePointer DecodePointer 6418->6419 6420 f76d6c 6419->6420 6421 f76ceb 6419->6421 6430 f76dda 6420->6430 6421->6420 6433 f79fde 6421->6433 6423 f76d4f EncodePointer EncodePointer 6423->6420 6424 f76d21 6424->6420 6427 f785a0 __realloc_crt 68 API calls 6424->6427 6429 f76d3d EncodePointer 6424->6429 6425 f76cfd 6425->6423 6425->6424 6440 f785a0 6425->6440 6428 f76d37 6427->6428 6428->6420 6428->6429 6429->6423 6466 f747d5 6430->6466 6434 f79ffe HeapSize 6433->6434 6435 f79fe9 6433->6435 6434->6425 6436 f74722 _free 64 API calls 6435->6436 6437 f79fee 6436->6437 6438 f746d0 __fclose_nolock 11 API calls 6437->6438 6439 f79ff9 6438->6439 6439->6425 6442 f785a9 6440->6442 6443 f785e8 6442->6443 6444 f785c9 Sleep 6442->6444 6445 f7306d 6442->6445 6443->6424 6444->6442 6446 f73083 6445->6446 6447 f73078 6445->6447 6449 f7308b 6446->6449 6458 f73098 6446->6458 6448 f72e06 _malloc 64 API calls 6447->6448 6450 f73080 6448->6450 6451 f72dcc _free 64 API calls 6449->6451 6450->6442 6465 f73093 _free 6451->6465 6452 f730d0 6453 f74c91 _malloc DecodePointer 6452->6453 6455 f730d6 6453->6455 6454 f730a0 HeapReAlloc 6454->6458 6454->6465 6456 f74722 _free 64 API calls 6455->6456 6456->6465 6457 f73100 6460 f74722 _free 64 API calls 6457->6460 6458->6452 6458->6454 6458->6457 6459 f74c91 _malloc DecodePointer 6458->6459 6462 f730e8 6458->6462 6459->6458 6461 f73105 GetLastError 6460->6461 6461->6465 6463 f74722 _free 64 API calls 6462->6463 6464 f730ed GetLastError 6463->6464 6464->6465 6465->6442 6469 f78996 LeaveCriticalSection 6466->6469 6468 f747dc 6468->6415 6469->6468 6471 f71cee 6470->6471 6472 f72910 6471->6472 6474 f7298d StrStrA 6472->6474 6477 f7291e 6472->6477 6474->5649 6474->5650 6475 f7297b lstrcpyA 6475->6477 6476 f7294b StrToIntA 6476->6477 6477->6474 6477->6475 6477->6476 6477->6477 6515 f73036 6477->6515 6479 f728ee 6478->6479 6483 f7281f 6478->6483 6480 f72d39 __write_nolock 5 API calls 6479->6480 6481 f728ff 6480->6481 6481->5659 6484 f7288b Sleep 6483->6484 6485 f7286b 6483->6485 6541 f71460 gethostbyname 6483->6541 6555 f719a0 GetUserNameA 6483->6555 6572 f71b60 6483->6572 6484->6483 6485->6484 6487 f72873 Sleep 6485->6487 6587 f72750 6485->6587 6487->6483 6491 f728d5 closesocket 6492 f728dc Sleep 6491->6492 6492->6483 6494 f72a8f 6493->6494 6495 f72a9c CreateDirectoryA GetLastError CreateFileA 6493->6495 6494->6495 6496 f72c33 6495->6496 6497 f72adc GetFileSize 6495->6497 6499 f72d39 __write_nolock 5 API calls 6496->6499 7211 f73469 6497->7211 6501 f72c42 lstrcpyA 6499->6501 6501->5656 6501->5657 6502 f72b14 6503 f72b5e lstrcpyA 6502->6503 6504 f72b1c 6502->6504 6505 f72b8c wsprintfA CreateFileA 6503->6505 6512 f72b5c 6503->6512 6504->6505 6507 f72b21 lstrcpyA 6504->6507 6505->6496 6506 f72bce WriteFile GetTickCount WriteFile CloseHandle 6505->6506 6508 f72c16 ctype 6506->6508 6509 f71000 6507->6509 7223 f729a0 lstrcpyA 6508->7223 6510 f72b3a CreateDirectoryA lstrcpyA 6509->6510 6510->6512 6512->6505 6514 f72c28 WinExec 6514->6496 6516 f73054 6515->6516 6517 f73044 6515->6517 6519 f72f21 6516->6519 6517->6477 6520 f72e9a _LocaleUpdate::_LocaleUpdate 74 API calls 6519->6520 6521 f72f36 6520->6521 6522 f72f96 6521->6522 6523 f72f42 6521->6523 6527 f72fbb 6522->6527 6538 f75d97 6522->6538 6530 f72f5a 6523->6530 6531 f75de2 6523->6531 6524 f74722 _free 64 API calls 6528 f72fc1 6524->6528 6527->6524 6527->6528 6529 f75d51 ___crtLCMapStringA 80 API calls 6528->6529 6529->6530 6530->6517 6532 f72e9a _LocaleUpdate::_LocaleUpdate 74 API calls 6531->6532 6533 f75df6 6532->6533 6534 f75d97 __isleadbyte_l 74 API calls 6533->6534 6537 f75e03 6533->6537 6535 f75e2b 6534->6535 6536 f792ae ___crtGetStringTypeA 77 API calls 6535->6536 6536->6537 6537->6530 6539 f72e9a _LocaleUpdate::_LocaleUpdate 74 API calls 6538->6539 6540 f75daa 6539->6540 6540->6527 6542 f71482 WSAGetLastError 6541->6542 6543 f7149a socket 6541->6543 6544 f72d39 __write_nolock 5 API calls 6542->6544 6545 f714b3 htons connect 6543->6545 6553 f71559 6543->6553 6547 f71496 6544->6547 6548 f714f2 closesocket 6545->6548 6549 f7150b setsockopt 6545->6549 6546 f72d39 __write_nolock 5 API calls 6550 f71567 6546->6550 6547->6483 6551 f72d39 __write_nolock 5 API calls 6548->6551 6552 f7152a WSAIoctl 6549->6552 6549->6553 6550->6483 6554 f71507 6551->6554 6552->6553 6553->6546 6554->6483 6594 f71720 6555->6594 6557 f719db 6605 f71570 6557->6605 6562 f71a37 gethostname 6563 f71a67 WSACleanup 6562->6563 6564 f71a4d gethostbyname 6562->6564 6565 f71a5e 6563->6565 6564->6563 6564->6565 6628 f717e0 GetComputerNameA 6565->6628 6567 f71ab0 6647 f712a0 6567->6647 6569 f71ade 6570 f72d39 __write_nolock 5 API calls 6569->6570 6571 f71aed 6570->6571 6571->6483 6576 f71b72 6572->6576 6573 f71b80 recv 6573->6576 6574 f71b9e WSAGetLastError 6575 f71c8c 6574->6575 6574->6576 6577 f72d39 __write_nolock 5 API calls 6575->6577 6576->6573 6576->6574 6576->6575 6578 f71bba Sleep 6576->6578 6579 f71bd3 GetProcessHeap 6576->6579 6580 f71c5e 6576->6580 6586 f71c1d 6576->6586 6581 f71c9a 6577->6581 6578->6576 6579->6576 6582 f72d39 __write_nolock 5 API calls 6580->6582 6581->6483 6583 f71c6f 6582->6583 6583->6483 6585 f71c73 GetProcessHeap HeapFree 6585->6575 6586->6576 6586->6585 6886 f71b00 6586->6886 6588 f72764 6587->6588 6589 f727ae 6587->6589 6591 f72796 GetProcessHeap HeapFree 6588->6591 6892 f722a0 6588->6892 6590 f712a0 8 API calls 6589->6590 6592 f727d2 recv 6590->6592 6591->6588 6591->6589 6592->6491 6592->6492 6658 f768f0 6594->6658 6596 f71747 GetVersionExA 6597 f71767 GetVersionExA 6596->6597 6598 f7178f wsprintfA 6596->6598 6597->6598 6599 f7177e 6597->6599 6603 f72d39 __write_nolock 5 API calls 6598->6603 6600 f72d39 __write_nolock 5 API calls 6599->6600 6602 f7178b 6600->6602 6602->6557 6604 f717da 6603->6604 6604->6557 6606 f715c9 _memset 6605->6606 6607 f7161d lstrcpyA 6606->6607 6608 f71635 6607->6608 6609 f7170d 6608->6609 6610 f7164c RegOpenKeyExA 6608->6610 6611 f72d39 __write_nolock 5 API calls 6609->6611 6610->6609 6613 f71671 _memset 6610->6613 6612 f7171b 6611->6612 6617 f72d48 6612->6617 6614 f716b8 RegQueryValueExA 6613->6614 6616 f71700 RegCloseKey 6613->6616 6614->6613 6615 f716db lstrcatA lstrcatA 6614->6615 6615->6613 6616->6609 6618 f72d66 6617->6618 6619 f72d7b 6617->6619 6620 f74722 _free 64 API calls 6618->6620 6619->6618 6621 f72d82 6619->6621 6622 f72d6b 6620->6622 6660 f7399a 6621->6660 6624 f746d0 __fclose_nolock 11 API calls 6622->6624 6626 f71a0d lstrlenA WSAStartup 6624->6626 6626->6562 6626->6565 6629 f72e06 _malloc 64 API calls 6628->6629 6630 f7182c 6629->6630 6631 f71845 GetAdaptersInfo 6630->6631 6632 f71835 6630->6632 6634 f7306d __recalloc 67 API calls 6631->6634 6633 f72d39 __write_nolock 5 API calls 6632->6633 6635 f71841 6633->6635 6636 f71863 GetAdaptersInfo 6634->6636 6635->6567 6637 f7187c 6636->6637 6642 f7188f 6636->6642 6639 f72d39 __write_nolock 5 API calls 6637->6639 6638 f71944 6641 f72dcc _free 64 API calls 6638->6641 6640 f7188b 6639->6640 6640->6567 6643 f71950 6641->6643 6642->6638 6642->6642 6644 f72d48 100 API calls _sprintf 6642->6644 6645 f72d39 __write_nolock 5 API calls 6643->6645 6644->6642 6646 f71994 6645->6646 6646->6567 6649 f712ad __write_nolock 6647->6649 6648 f713e6 send 6648->6649 6649->6648 6650 f7142f 6649->6650 6651 f71406 WSAGetLastError 6649->6651 6653 f71443 6649->6653 6655 f7141a Sleep 6649->6655 6652 f72d39 __write_nolock 5 API calls 6650->6652 6651->6649 6651->6653 6654 f7143f 6652->6654 6656 f72d39 __write_nolock 5 API calls 6653->6656 6654->6569 6655->6649 6657 f71452 6656->6657 6657->6569 6659 f768fc 6658->6659 6659->6596 6659->6659 6661 f72e9a _LocaleUpdate::_LocaleUpdate 74 API calls 6660->6661 6662 f73a01 6661->6662 6663 f73a05 6662->6663 6668 f73a3c __output_l __aulldvrm _strlen 6662->6668 6702 f784c6 6662->6702 6664 f74722 _free 64 API calls 6663->6664 6665 f73a0a 6664->6665 6667 f746d0 __fclose_nolock 11 API calls 6665->6667 6669 f73a15 6667->6669 6668->6663 6668->6669 6672 f75d97 __isleadbyte_l 74 API calls 6668->6672 6673 f72dcc _free 64 API calls 6668->6673 6674 f74091 DecodePointer 6668->6674 6675 f73926 95 API calls _write_string 6668->6675 6676 f7850f __malloc_crt 64 API calls 6668->6676 6677 f740fa DecodePointer 6668->6677 6678 f7411b DecodePointer 6668->6678 6679 f738f3 95 API calls _write_string 6668->6679 6680 f78840 76 API calls __cftof 6668->6680 6670 f72d39 __write_nolock 5 API calls 6669->6670 6671 f72da8 6670->6671 6671->6626 6681 f7378f 6671->6681 6672->6668 6673->6668 6674->6668 6675->6668 6676->6668 6677->6668 6678->6668 6679->6668 6680->6668 6682 f784c6 __fclose_nolock 64 API calls 6681->6682 6683 f7379f 6682->6683 6684 f737c1 6683->6684 6685 f737aa 6683->6685 6687 f737c5 6684->6687 6695 f737d2 __flsbuf 6684->6695 6686 f74722 _free 64 API calls 6685->6686 6689 f737af 6686->6689 6688 f74722 _free 64 API calls 6687->6688 6688->6689 6689->6626 6690 f738c2 6693 f7819e __write 95 API calls 6690->6693 6691 f73842 6692 f73859 6691->6692 6696 f73876 6691->6696 6721 f7819e 6692->6721 6693->6689 6695->6689 6698 f73828 6695->6698 6701 f73833 6695->6701 6709 f782bb 6695->6709 6696->6689 6746 f779b7 6696->6746 6698->6701 6718 f78272 6698->6718 6701->6690 6701->6691 6703 f784e7 6702->6703 6704 f784d2 6702->6704 6703->6668 6705 f74722 _free 64 API calls 6704->6705 6706 f784d7 6705->6706 6707 f746d0 __fclose_nolock 11 API calls 6706->6707 6708 f784e2 6707->6708 6708->6668 6710 f782d7 6709->6710 6711 f782c8 6709->6711 6714 f782f5 6710->6714 6715 f74722 _free 64 API calls 6710->6715 6712 f74722 _free 64 API calls 6711->6712 6713 f782cd 6712->6713 6713->6698 6714->6698 6716 f782e8 6715->6716 6717 f746d0 __fclose_nolock 11 API calls 6716->6717 6717->6713 6719 f7850f __malloc_crt 64 API calls 6718->6719 6720 f78287 6719->6720 6720->6701 6722 f781aa _doexit 6721->6722 6723 f781b2 6722->6723 6724 f781cd 6722->6724 6771 f74735 6723->6771 6725 f781d9 6724->6725 6730 f78213 6724->6730 6727 f74735 __write_nolock 64 API calls 6725->6727 6729 f781de 6727->6729 6732 f74722 _free 64 API calls 6729->6732 6774 f7a2c1 6730->6774 6731 f74722 _free 64 API calls 6740 f781bf _doexit 6731->6740 6734 f781e6 6732->6734 6736 f746d0 __fclose_nolock 11 API calls 6734->6736 6735 f78219 6737 f78227 6735->6737 6738 f7823b 6735->6738 6736->6740 6784 f77aa1 6737->6784 6739 f74722 _free 64 API calls 6738->6739 6742 f78240 6739->6742 6740->6689 6744 f74735 __write_nolock 64 API calls 6742->6744 6743 f78233 6843 f7826a 6743->6843 6744->6743 6747 f779c3 _doexit 6746->6747 6748 f779d4 6747->6748 6749 f779f0 6747->6749 6751 f74735 __write_nolock 64 API calls 6748->6751 6750 f779fc 6749->6750 6755 f77a36 6749->6755 6752 f74735 __write_nolock 64 API calls 6750->6752 6753 f779d9 6751->6753 6754 f77a01 6752->6754 6756 f74722 _free 64 API calls 6753->6756 6757 f74722 _free 64 API calls 6754->6757 6758 f7a2c1 ___lock_fhandle 66 API calls 6755->6758 6766 f779e1 _doexit 6756->6766 6759 f77a09 6757->6759 6760 f77a3c 6758->6760 6761 f746d0 __fclose_nolock 11 API calls 6759->6761 6762 f77a66 6760->6762 6763 f77a4a 6760->6763 6761->6766 6765 f74722 _free 64 API calls 6762->6765 6764 f77932 __lseeki64_nolock 66 API calls 6763->6764 6767 f77a5b 6764->6767 6768 f77a6b 6765->6768 6766->6689 6882 f77a97 6767->6882 6769 f74735 __write_nolock 64 API calls 6768->6769 6769->6767 6772 f7580d __getptd_noexit 64 API calls 6771->6772 6773 f7473a 6772->6773 6773->6731 6775 f7a2cd _doexit 6774->6775 6776 f7a327 6775->6776 6778 f78a6f __lock 64 API calls 6775->6778 6777 f7a32c EnterCriticalSection 6776->6777 6779 f7a349 _doexit 6776->6779 6777->6779 6780 f7a2f9 6778->6780 6779->6735 6781 f7a302 InitializeCriticalSectionAndSpinCount 6780->6781 6782 f7a315 6780->6782 6781->6782 6846 f7a357 6782->6846 6785 f77ab0 __write_nolock 6784->6785 6786 f77ae6 6785->6786 6787 f77b05 6785->6787 6831 f77adb 6785->6831 6788 f74735 __write_nolock 64 API calls 6786->6788 6792 f77b61 6787->6792 6793 f77b44 6787->6793 6790 f77aeb 6788->6790 6789 f72d39 __write_nolock 5 API calls 6791 f7819c 6789->6791 6795 f74722 _free 64 API calls 6790->6795 6791->6743 6794 f77b74 6792->6794 6850 f77932 6792->6850 6796 f74735 __write_nolock 64 API calls 6793->6796 6799 f782bb __write_nolock 64 API calls 6794->6799 6798 f77af2 6795->6798 6800 f77b49 6796->6800 6801 f746d0 __fclose_nolock 11 API calls 6798->6801 6802 f77b7d 6799->6802 6803 f74722 _free 64 API calls 6800->6803 6801->6831 6804 f77e1f 6802->6804 6809 f75886 __getptd 64 API calls 6802->6809 6805 f77b51 6803->6805 6807 f780cf WriteFile 6804->6807 6808 f77e2e 6804->6808 6806 f746d0 __fclose_nolock 11 API calls 6805->6806 6806->6831 6812 f78102 GetLastError 6807->6812 6815 f77e01 6807->6815 6810 f77ee9 6808->6810 6816 f77e41 6808->6816 6811 f77b98 GetConsoleMode 6809->6811 6830 f77ef6 6810->6830 6833 f77fc3 6810->6833 6811->6804 6814 f77bc1 6811->6814 6812->6815 6813 f7814d 6820 f74722 _free 64 API calls 6813->6820 6813->6831 6814->6804 6817 f77bd1 GetConsoleCP 6814->6817 6815->6813 6818 f78120 6815->6818 6815->6831 6816->6813 6816->6815 6819 f77e8b WriteFile 6816->6819 6817->6815 6841 f77bf4 6817->6841 6823 f7813f 6818->6823 6824 f7812b 6818->6824 6819->6812 6819->6816 6821 f78170 6820->6821 6826 f74735 __write_nolock 64 API calls 6821->6826 6822 f78034 WideCharToMultiByte 6822->6812 6828 f7806b WriteFile 6822->6828 6863 f74748 6823->6863 6827 f74722 _free 64 API calls 6824->6827 6825 f77f65 WriteFile 6825->6812 6825->6830 6826->6831 6832 f78130 6827->6832 6828->6833 6834 f780a2 GetLastError 6828->6834 6830->6813 6830->6815 6830->6825 6831->6789 6836 f74735 __write_nolock 64 API calls 6832->6836 6833->6813 6833->6815 6833->6822 6833->6828 6834->6833 6836->6831 6837 f7a4df 76 API calls __fassign 6837->6841 6838 f77ca0 WideCharToMultiByte 6838->6815 6839 f77cd1 WriteFile 6838->6839 6839->6812 6839->6841 6840 f7a387 WriteConsoleW CreateFileW __write_nolock 6840->6841 6841->6812 6841->6815 6841->6837 6841->6838 6841->6840 6842 f77d25 WriteFile 6841->6842 6860 f75dcf 6841->6860 6842->6812 6842->6841 6881 f7a360 LeaveCriticalSection 6843->6881 6845 f78270 6845->6740 6849 f78996 LeaveCriticalSection 6846->6849 6848 f7a35e 6848->6776 6849->6848 6868 f7a258 6850->6868 6852 f77950 6853 f77969 SetFilePointer 6852->6853 6854 f77958 6852->6854 6855 f77981 GetLastError 6853->6855 6857 f7795d 6853->6857 6856 f74722 _free 64 API calls 6854->6856 6855->6857 6858 f7798b 6855->6858 6856->6857 6857->6794 6859 f74748 __dosmaperr 64 API calls 6858->6859 6859->6857 6861 f75d97 __isleadbyte_l 74 API calls 6860->6861 6862 f75dde 6861->6862 6862->6841 6864 f74735 __write_nolock 64 API calls 6863->6864 6865 f74753 _free 6864->6865 6866 f74722 _free 64 API calls 6865->6866 6867 f74766 6866->6867 6867->6831 6869 f7a265 6868->6869 6872 f7a27d 6868->6872 6870 f74735 __write_nolock 64 API calls 6869->6870 6871 f7a26a 6870->6871 6874 f74722 _free 64 API calls 6871->6874 6873 f74735 __write_nolock 64 API calls 6872->6873 6876 f7a2bc 6872->6876 6875 f7a28e 6873->6875 6877 f7a272 6874->6877 6878 f74722 _free 64 API calls 6875->6878 6876->6852 6877->6852 6879 f7a296 6878->6879 6880 f746d0 __fclose_nolock 11 API calls 6879->6880 6880->6877 6881->6845 6885 f7a360 LeaveCriticalSection 6882->6885 6884 f77a9f 6884->6766 6885->6884 6889 f71b50 6886->6889 6890 f71b11 6886->6890 6887 f71b17 recv 6887->6890 6888 f71b30 WSAGetLastError 6888->6889 6888->6890 6889->6586 6890->6887 6890->6888 6890->6889 6891 f71b44 Sleep 6890->6891 6891->6890 6895 f722c4 _memset 6892->6895 6934 f72730 6892->6934 6893 f72d39 __write_nolock 5 API calls 6894 f72740 6893->6894 6894->6588 6960 f733c9 GetSystemTimeAsFileTime 6895->6960 6897 f72305 6962 f733a2 6897->6962 6899 f72320 _memmove 6900 f72336 lstrcpyA 6899->6900 6901 f72353 6900->6901 6902 f72360 wsprintfA 6900->6902 6901->6902 6903 f723a6 6902->6903 6903->6903 6904 f712a0 8 API calls 6903->6904 6905 f723ce lstrcmpA 6904->6905 6906 f723ed 6905->6906 6905->6934 6907 f71ca0 2 API calls 6906->6907 6908 f723ff lstrcmpA 6907->6908 6910 f724be lstrcmpA 6908->6910 6911 f7242b lstrcpyA StrToIntA 6908->6911 6914 f725b4 lstrcmpA 6910->6914 6915 f724d0 6910->6915 6912 f72457 6911->6912 6913 f7246b wsprintfA lstrlenA 6911->6913 6912->6913 6919 f726e3 6913->6919 6917 f725c6 StrChrA 6914->6917 6918 f72671 lstrcmpA 6914->6918 6967 f71dc0 6915->6967 6921 f725de 6917->6921 6922 f725d9 6917->6922 6924 f72683 6918->6924 6925 f72721 6918->6925 6923 f712a0 8 API calls 6919->6923 6930 f71f10 8 API calls 6921->6930 6929 f725ed lstrcpyA 6922->6929 6931 f7270d 6923->6931 6932 f71dc0 11 API calls 6924->6932 6989 f72000 6925->6989 6927 f724df lstrcpyA 6977 f71000 6927->6977 6928 f72519 lstrcpyA 6936 f71000 6928->6936 6938 f71000 6929->6938 6937 f725e6 6930->6937 6939 f72d39 __write_nolock 5 API calls 6931->6939 6933 f7268e 6932->6933 6940 f726b3 lstrcpyA 6933->6940 6941 f72692 lstrcpyA 6933->6941 6934->6893 6943 f72532 lstrcatA 6936->6943 6937->6929 6944 f72630 lstrcpyA 6937->6944 6945 f725fd lstrcatA lstrcatA lstrlenA 6938->6945 6946 f7271d 6939->6946 6947 f726ab 6940->6947 6941->6947 6979 f71f10 GetTempPathA 6943->6979 6949 f71000 6944->6949 6945->6919 6946->6588 6952 f726d4 lstrcatA 6947->6952 6951 f72640 lstrcpyA lstrcatA lstrlenA 6949->6951 6950 f7254a 6953 f72571 lstrcpyA 6950->6953 6954 f72551 lstrcpyA 6950->6954 6951->6919 6952->6919 6956 f71000 6953->6956 6955 f71000 6954->6955 6957 f72565 lstrcatA 6955->6957 6958 f72587 lstrcpyA 6956->6958 6959 f72591 lstrcatA lstrlenA 6957->6959 6958->6959 6959->6919 6961 f733f9 __aulldiv 6960->6961 6961->6897 7013 f76ad2 6962->7013 6964 f733ad 6965 f733bc 6964->6965 7021 f7311a 6964->7021 6965->6899 6968 f71ef5 6967->6968 6969 f71de4 GetTempPathA SetCurrentDirectoryA DeleteUrlCacheEntry CreateFileA 6967->6969 6971 f72d39 __write_nolock 5 API calls 6968->6971 6969->6968 6974 f71e3a _memset 6969->6974 6972 f71f04 6971->6972 6972->6927 6972->6928 6973 f71ea1 WriteFile 6973->6974 6974->6968 6974->6973 6975 f71edc CloseHandle 6974->6975 6975->6968 6978 f71007 lstrcatA lstrlenA 6977->6978 6978->6919 6981 f71f48 _memset 6979->6981 6980 f71f90 CreateProcessA 6980->6981 6982 f71fb9 6980->6982 6981->6980 6981->6982 6983 f71fd0 CloseHandle 6982->6983 6984 f71fbe 6982->6984 6986 f72d39 __write_nolock 5 API calls 6983->6986 6985 f72d39 __write_nolock 5 API calls 6984->6985 6987 f71fcc 6985->6987 6988 f71fee 6986->6988 6987->6950 6988->6950 6990 f7200d _memset __write_nolock 6989->6990 6991 f7204e lstrcpyA 6990->6991 6992 f72071 6991->6992 6993 f72d48 _sprintf 100 API calls 6992->6993 6994 f72096 CreatePipe 6993->6994 6996 f720e2 _memset 6994->6996 6995 f72140 CreateProcessA 6995->6996 6997 f72169 6995->6997 6996->6995 6996->6997 6998 f72181 Sleep WaitForSingleObject GetExitCodeProcess 6997->6998 6999 f7216e 6997->6999 7000 f72202 CloseHandle CloseHandle 6998->7000 7001 f721c2 6998->7001 7002 f72d39 __write_nolock 5 API calls 6999->7002 7005 f72220 ReadFile 7000->7005 7001->7000 7004 f721ce TerminateProcess CloseHandle CloseHandle CloseHandle 7001->7004 7003 f7217d 7002->7003 7003->6934 7006 f7228a 7004->7006 7007 f72247 7005->7007 7008 f7227d CloseHandle 7005->7008 7009 f72d39 __write_nolock 5 API calls 7006->7009 7007->7008 7010 f712a0 8 API calls 7007->7010 7012 f72277 Sleep 7007->7012 7008->7006 7011 f7229c 7009->7011 7010->7007 7011->6934 7012->7005 7014 f7580d __getptd_noexit 64 API calls 7013->7014 7015 f76ada 7014->7015 7016 f76ae0 7015->7016 7018 f76b04 7015->7018 7020 f7850f __malloc_crt 64 API calls 7015->7020 7017 f74722 _free 64 API calls 7016->7017 7016->7018 7019 f76ae5 7017->7019 7018->6964 7019->6964 7020->7016 7022 f73136 7021->7022 7023 f73149 _memset 7021->7023 7024 f74722 _free 64 API calls 7022->7024 7026 f73161 7023->7026 7034 f73172 7023->7034 7025 f7313b 7024->7025 7027 f746d0 __fclose_nolock 11 API calls 7025->7027 7028 f74722 _free 64 API calls 7026->7028 7061 f73145 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 7027->7061 7029 f73166 7028->7029 7033 f746d0 __fclose_nolock 11 API calls 7029->7033 7030 f73190 7035 f74722 _free 64 API calls 7030->7035 7031 f731a1 7062 f7657c 7031->7062 7033->7061 7034->7030 7034->7031 7035->7061 7036 f731a6 7070 f76845 7036->7070 7038 f731af 7039 f73397 7038->7039 7077 f76872 7038->7077 7040 f7467e __invoke_watson 10 API calls 7039->7040 7042 f733a1 7040->7042 7044 f76ad2 __localtime64_s 64 API calls 7042->7044 7043 f731c1 7043->7039 7084 f7689f 7043->7084 7046 f733ad 7044->7046 7048 f7311a __localtime64_s 100 API calls 7046->7048 7050 f733bc 7046->7050 7047 f731d3 7047->7039 7052 f731dc 7047->7052 7048->7050 7049 f7324f 7051 f7660c __gmtime64_s 64 API calls 7049->7051 7050->6965 7055 f73256 7051->7055 7052->7049 7053 f731ef 7052->7053 7091 f7660c 7053->7091 7057 f765cb __localtime64_s 64 API calls 7055->7057 7055->7061 7056 f73207 7056->7061 7100 f765cb 7056->7100 7057->7061 7059 f7321c 7060 f7660c __gmtime64_s 64 API calls 7059->7060 7059->7061 7060->7061 7061->6965 7063 f76588 _doexit 7062->7063 7064 f765bc _doexit 7063->7064 7065 f78a6f __lock 64 API calls 7063->7065 7064->7036 7066 f76599 7065->7066 7067 f765aa 7066->7067 7108 f75e9b 7066->7108 7137 f765c2 7067->7137 7071 f76866 7070->7071 7072 f76851 7070->7072 7071->7038 7073 f74722 _free 64 API calls 7072->7073 7074 f76856 7073->7074 7075 f746d0 __fclose_nolock 11 API calls 7074->7075 7076 f76861 7075->7076 7076->7038 7078 f76893 7077->7078 7079 f7687e 7077->7079 7078->7043 7080 f74722 _free 64 API calls 7079->7080 7081 f76883 7080->7081 7082 f746d0 __fclose_nolock 11 API calls 7081->7082 7083 f7688e 7082->7083 7083->7043 7085 f768c0 7084->7085 7086 f768ab 7084->7086 7085->7047 7087 f74722 _free 64 API calls 7086->7087 7088 f768b0 7087->7088 7089 f746d0 __fclose_nolock 11 API calls 7088->7089 7090 f768bb 7089->7090 7090->7047 7092 f76636 _memset 7091->7092 7093 f76620 7091->7093 7092->7093 7099 f7664d 7092->7099 7094 f74722 _free 64 API calls 7093->7094 7095 f76625 7094->7095 7096 f746d0 __fclose_nolock 11 API calls 7095->7096 7097 f7662f __gmtime64_s __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 7096->7097 7097->7056 7098 f74722 _free 64 API calls 7098->7097 7099->7097 7099->7098 7101 f765d7 _doexit 7100->7101 7102 f78a6f __lock 64 API calls 7101->7102 7103 f765de 7102->7103 7169 f763a5 7103->7169 7107 f765fa _doexit 7107->7059 7109 f75ea7 _doexit 7108->7109 7110 f78a6f __lock 64 API calls 7109->7110 7111 f75ec2 __tzset_nolock 7110->7111 7112 f7689f __tzset_nolock 64 API calls 7111->7112 7113 f75ed7 7112->7113 7114 f76845 __tzset_nolock 64 API calls 7113->7114 7116 f75f94 __tzset_nolock 7113->7116 7117 f75ee9 7114->7117 7115 f7467e __invoke_watson 10 API calls 7115->7116 7116->7115 7118 f75fbf GetTimeZoneInformation 7116->7118 7119 f72dcc _free 64 API calls 7116->7119 7123 f76026 WideCharToMultiByte 7116->7123 7126 f7605e WideCharToMultiByte 7116->7126 7129 f79876 64 API calls __tzset_nolock 7116->7129 7135 f7618f __tzset_nolock _doexit 7116->7135 7136 f79dd0 77 API calls __tzset_nolock 7116->7136 7151 f7611e 7116->7151 7117->7116 7120 f76872 __tzset_nolock 64 API calls 7117->7120 7118->7116 7119->7116 7121 f75efb 7120->7121 7121->7116 7140 f797fc 7121->7140 7123->7116 7126->7116 7128 f75f62 _strlen 7131 f7850f __malloc_crt 64 API calls 7128->7131 7129->7116 7130 f75f2b __tzset_nolock 7130->7116 7130->7128 7132 f72dcc _free 64 API calls 7130->7132 7133 f75f70 _strlen 7131->7133 7132->7128 7133->7116 7134 f7992b _strcpy_s 64 API calls 7133->7134 7134->7116 7135->7067 7136->7116 7168 f78996 LeaveCriticalSection 7137->7168 7139 f765c9 7139->7064 7141 f75886 __getptd 64 API calls 7140->7141 7142 f79801 7141->7142 7143 f75f09 7142->7143 7144 f7565d _LocaleUpdate::_LocaleUpdate 72 API calls 7142->7144 7145 f79de6 7143->7145 7144->7143 7146 f79dff 7145->7146 7147 f79dfb 7145->7147 7146->7147 7149 f79e11 _strlen 7146->7149 7154 f7adb9 7146->7154 7147->7130 7149->7147 7164 f7ad9f 7149->7164 7167 f78996 LeaveCriticalSection 7151->7167 7153 f76125 7153->7116 7155 f7ae39 7154->7155 7162 f7add4 7154->7162 7155->7149 7156 f7adda WideCharToMultiByte 7156->7155 7156->7162 7157 f78554 __calloc_crt 64 API calls 7157->7162 7158 f7adfd WideCharToMultiByte 7159 f7ae45 7158->7159 7158->7162 7160 f72dcc _free 64 API calls 7159->7160 7160->7155 7161 f7b62d ___crtsetenv 95 API calls 7161->7162 7162->7155 7162->7156 7162->7157 7162->7158 7162->7161 7163 f72dcc _free 64 API calls 7162->7163 7163->7162 7165 f7acc1 __mbsnbicoll_l 89 API calls 7164->7165 7166 f7adb4 7165->7166 7166->7149 7167->7153 7168->7139 7170 f76845 __tzset_nolock 64 API calls 7169->7170 7171 f763bc 7170->7171 7172 f76571 7171->7172 7175 f763c5 7171->7175 7173 f7467e __invoke_watson 10 API calls 7172->7173 7174 f7657b 7173->7174 7176 f763f5 7175->7176 7177 f764ad 7175->7177 7183 f764a8 7175->7183 7188 f761ae 7176->7188 7178 f761ae _cvtdate 64 API calls 7177->7178 7180 f764e6 7178->7180 7182 f761ae _cvtdate 64 API calls 7180->7182 7181 f7644b 7184 f761ae _cvtdate 64 API calls 7181->7184 7182->7183 7185 f76603 7183->7185 7184->7183 7210 f78996 LeaveCriticalSection 7185->7210 7187 f7660a 7187->7107 7190 f761ce 7188->7190 7189 f76872 __tzset_nolock 64 API calls 7191 f7634f 7189->7191 7190->7189 7192 f76323 7190->7192 7191->7192 7193 f7467e __invoke_watson 10 API calls 7191->7193 7192->7181 7194 f763a4 7193->7194 7195 f76845 __tzset_nolock 64 API calls 7194->7195 7196 f763bc 7195->7196 7197 f763c5 7196->7197 7198 f76571 7196->7198 7201 f763f5 7197->7201 7202 f764ad 7197->7202 7208 f764a8 7197->7208 7199 f7467e __invoke_watson 10 API calls 7198->7199 7200 f7657b 7199->7200 7204 f761ae _cvtdate 64 API calls 7201->7204 7203 f761ae _cvtdate 64 API calls 7202->7203 7205 f764e6 7203->7205 7207 f7644b 7204->7207 7206 f761ae _cvtdate 64 API calls 7205->7206 7206->7208 7209 f761ae _cvtdate 64 API calls 7207->7209 7208->7181 7209->7208 7210->7187 7213 f73473 7211->7213 7212 f72e06 _malloc 64 API calls 7212->7213 7213->7212 7214 f72aee ReadFile CloseHandle 7213->7214 7215 f74c91 _malloc DecodePointer 7213->7215 7218 f7348f std::exception::exception 7213->7218 7214->6502 7214->6503 7215->7213 7216 f734cd 7234 f76c67 7216->7234 7218->7216 7220 f76de0 __cinit 74 API calls 7218->7220 7220->7216 7222 f734e8 7224 f729cd 7223->7224 7225 f729da RegCreateKeyA 7223->7225 7224->7225 7226 f729f2 lstrcpyA 7225->7226 7227 f72a3d 7225->7227 7228 f72a05 7226->7228 7229 f72a11 lstrlenA RegSetValueExA 7226->7229 7230 f72d39 __write_nolock 5 API calls 7227->7230 7228->7229 7231 f72a33 RegCloseKey 7229->7231 7232 f72a30 7229->7232 7233 f72a4b 7230->7233 7231->7227 7232->7231 7233->6496 7233->6514 7240 f76c00 7234->7240 7237 f76df7 7238 f76e20 7237->7238 7239 f76e2c RaiseException 7237->7239 7238->7239 7239->7222 7241 f76c10 7240->7241 7242 f734d7 7240->7242 7246 f76be2 7241->7246 7242->7237 7247 f76bf5 7246->7247 7248 f76bed 7246->7248 7247->7242 7250 f76ba2 7247->7250 7249 f72dcc _free 64 API calls 7248->7249 7249->7247 7251 f76bb0 _strlen 7250->7251 7252 f76bd5 7250->7252 7253 f72e06 _malloc 64 API calls 7251->7253 7252->7242 7254 f76bc2 7253->7254 7254->7252 7255 f7992b _strcpy_s 64 API calls 7254->7255 7255->7252 7259 f748cc 7256->7259 7258 f74a33 7260 f748d8 _doexit 7259->7260 7261 f78a6f __lock 59 API calls 7260->7261 7262 f748df 7261->7262 7263 f7490a DecodePointer 7262->7263 7269 f74989 7262->7269 7265 f74921 DecodePointer 7263->7265 7263->7269 7278 f74934 7265->7278 7267 f74a06 _doexit 7267->7258 7282 f749f7 7269->7282 7270 f749ee 7272 f747b4 _doexit 3 API calls 7270->7272 7273 f749f7 7272->7273 7274 f74a04 7273->7274 7287 f78996 LeaveCriticalSection 7273->7287 7274->7258 7275 f7494b DecodePointer 7281 f756d6 EncodePointer 7275->7281 7278->7269 7278->7275 7279 f7495a DecodePointer DecodePointer 7278->7279 7280 f756d6 EncodePointer 7278->7280 7279->7278 7280->7278 7281->7278 7283 f749fd 7282->7283 7285 f749d7 7282->7285 7288 f78996 LeaveCriticalSection 7283->7288 7285->7267 7286 f78996 LeaveCriticalSection 7285->7286 7286->7270 7287->7274 7288->7285 7313 f7ae50 RtlUnwind 7594 f7a110 7595 f7a122 7594->7595 7597 f7a130 @_EH4_CallFilterFunc@8 7594->7597 7596 f72d39 __write_nolock 5 API calls 7595->7596 7596->7597 7297 f7367f 7300 f7788f 7297->7300 7299 f73684 7299->7299 7301 f778b4 7300->7301 7302 f778c1 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 7300->7302 7301->7302 7303 f778b8 7301->7303 7302->7303 7303->7299 7314 f756df TlsAlloc 7315 f79f5e IsProcessorFeaturePresent 7598 f71d9e 7599 f71dc0 7598->7599 7600 f71ef5 7599->7600 7601 f71ded GetTempPathA SetCurrentDirectoryA DeleteUrlCacheEntry CreateFileA 7599->7601 7602 f72d39 __write_nolock 5 API calls 7600->7602 7601->7600 7605 f71e3a _memset 7601->7605 7603 f71f04 7602->7603 7604 f71ea1 WriteFile 7604->7605 7605->7600 7605->7604 7606 f71edc CloseHandle 7605->7606 7606->7600 7608 f76c9c 7611 f76c8c 7608->7611 7610 f76ca9 ctype 7614 f79f6e 7611->7614 7613 f76c9a 7613->7610 7615 f79f7a _doexit 7614->7615 7616 f78a6f __lock 64 API calls 7615->7616 7621 f79f81 7616->7621 7617 f79fba 7624 f79fd5 7617->7624 7619 f79fcb _doexit 7619->7613 7620 f79fb1 7622 f72dcc _free 64 API calls 7620->7622 7621->7617 7621->7620 7623 f72dcc _free 64 API calls 7621->7623 7622->7617 7623->7620 7627 f78996 LeaveCriticalSection 7624->7627 7626 f79fdc 7626->7619 7627->7626 7628 f71899 7629 f718a0 7628->7629 7629->7629 7630 f71944 7629->7630 7632 f72d48 100 API calls _sprintf 7629->7632 7631 f72dcc _free 64 API calls 7630->7631 7633 f71950 7631->7633 7632->7629 7634 f72d39 __write_nolock 5 API calls 7633->7634 7635 f71994 7634->7635 7319 f78ac6 7320 f78ac9 7319->7320 7323 f7aaa9 7320->7323 7322 f78ad5 _doexit 7332 f78b41 DecodePointer 7323->7332 7325 f7aaae 7326 f7aab9 7325->7326 7333 f78b4e 7325->7333 7328 f7aad1 7326->7328 7330 f74555 __call_reportfault 8 API calls 7326->7330 7329 f74a22 _raise 64 API calls 7328->7329 7331 f7aadb 7329->7331 7330->7328 7331->7322 7332->7325 7337 f78b5a _doexit 7333->7337 7334 f78bb5 7335 f78b97 DecodePointer 7334->7335 7340 f78bc4 7334->7340 7343 f78b86 _siglookup 7335->7343 7336 f78b81 7338 f7580d __getptd_noexit 64 API calls 7336->7338 7337->7334 7337->7335 7337->7336 7342 f78b7d 7337->7342 7338->7343 7341 f74722 _free 64 API calls 7340->7341 7344 f78bc9 7341->7344 7342->7336 7342->7340 7345 f78c21 7343->7345 7346 f74a22 _raise 64 API calls 7343->7346 7353 f78b8f _doexit 7343->7353 7347 f746d0 __fclose_nolock 11 API calls 7344->7347 7348 f78a6f __lock 64 API calls 7345->7348 7349 f78c2c 7345->7349 7346->7345 7347->7353 7348->7349 7351 f78c61 7349->7351 7354 f756d6 EncodePointer 7349->7354 7355 f78cb5 7351->7355 7353->7326 7354->7351 7356 f78cbb 7355->7356 7358 f78cc2 7355->7358 7359 f78996 LeaveCriticalSection 7356->7359 7358->7353 7359->7358 7540 f7afa6 7541 f7afb0 7540->7541 7542 f7afbc 7540->7542 7541->7542 7543 f7afb5 CloseHandle 7541->7543 7543->7542 7636 f76e85 SetUnhandledExceptionFilter 7360 f76e43 7361 f76e7f 7360->7361 7363 f76e55 7360->7363 7363->7361 7364 f78aa2 7363->7364 7365 f78aae _doexit 7364->7365 7366 f75886 __getptd 64 API calls 7365->7366 7367 f78ab3 7366->7367 7368 f7aaa9 _abort 66 API calls 7367->7368 7369 f78ad5 _doexit 7368->7369 7369->7361 7370 f73641 7373 f76e93 7370->7373 7374 f7580d __getptd_noexit 64 API calls 7373->7374 7375 f73652 7374->7375 7544 f758a0 7546 f758ac _doexit 7544->7546 7545 f758c4 7548 f758d2 7545->7548 7550 f72dcc _free 64 API calls 7545->7550 7546->7545 7547 f72dcc _free 64 API calls 7546->7547 7549 f759ae _doexit 7546->7549 7547->7545 7551 f758e0 7548->7551 7552 f72dcc _free 64 API calls 7548->7552 7550->7548 7553 f758ee 7551->7553 7554 f72dcc _free 64 API calls 7551->7554 7552->7551 7555 f758fc 7553->7555 7556 f72dcc _free 64 API calls 7553->7556 7554->7553 7557 f7590a 7555->7557 7558 f72dcc _free 64 API calls 7555->7558 7556->7555 7559 f75918 7557->7559 7560 f72dcc _free 64 API calls 7557->7560 7558->7557 7561 f75929 7559->7561 7562 f72dcc _free 64 API calls 7559->7562 7560->7559 7563 f78a6f __lock 64 API calls 7561->7563 7562->7561 7564 f75931 7563->7564 7565 f7593d InterlockedDecrement 7564->7565 7571 f75956 7564->7571 7566 f75948 7565->7566 7565->7571 7569 f72dcc _free 64 API calls 7566->7569 7566->7571 7569->7571 7570 f78a6f __lock 64 API calls 7572 f7596a 7570->7572 7580 f759ba 7571->7580 7573 f7599b 7572->7573 7574 f7542c ___removelocaleref 8 API calls 7572->7574 7583 f759c6 7573->7583 7578 f7597f 7574->7578 7577 f72dcc _free 64 API calls 7577->7549 7578->7573 7579 f754c5 ___freetlocinfo 64 API calls 7578->7579 7579->7573 7586 f78996 LeaveCriticalSection 7580->7586 7582 f75963 7582->7570 7587 f78996 LeaveCriticalSection 7583->7587 7585 f759a8 7585->7577 7586->7582 7587->7585 7637 f77700 7638 f7772c 7637->7638 7639 f77739 7637->7639 7640 f72d39 __write_nolock 5 API calls 7638->7640 7641 f72d39 __write_nolock 5 API calls 7639->7641 7640->7639 7645 f77749 __except_handler4 __IsNonwritableInCurrentImage 7641->7645 7642 f777cc 7643 f777a2 __except_handler4 7643->7642 7644 f777bc 7643->7644 7646 f72d39 __write_nolock 5 API calls 7643->7646 7647 f72d39 __write_nolock 5 API calls 7644->7647 7645->7642 7645->7643 7653 f7a1a2 RtlUnwind 7645->7653 7646->7644 7647->7642 7649 f7781e __except_handler4 7650 f77852 7649->7650 7651 f72d39 __write_nolock 5 API calls 7649->7651 7652 f72d39 __write_nolock 5 API calls 7650->7652 7651->7650 7652->7643 7653->7649 7379 f7344c 7380 f76c67 std::exception::exception 64 API calls 7379->7380 7381 f7345c 7380->7381 7382 f783c8 7389 f7a751 7382->7389 7385 f783db 7387 f72dcc _free 64 API calls 7385->7387 7388 f783e6 7387->7388 7402 f7a677 7389->7402 7391 f783cd 7391->7385 7392 f7a52b 7391->7392 7393 f7a537 _doexit 7392->7393 7394 f78a6f __lock 64 API calls 7393->7394 7401 f7a543 7394->7401 7395 f7a5a9 7443 f7a5be 7395->7443 7397 f7a5b5 _doexit 7397->7385 7399 f7a57e DeleteCriticalSection 7400 f72dcc _free 64 API calls 7399->7400 7400->7401 7401->7395 7401->7399 7430 f7b02a 7401->7430 7403 f7a683 _doexit 7402->7403 7404 f78a6f __lock 64 API calls 7403->7404 7411 f7a692 7404->7411 7405 f7a72a 7420 f7a748 7405->7420 7408 f7a736 _doexit 7408->7391 7410 f7a62f 99 API calls __fflush_nolock 7410->7411 7411->7405 7411->7410 7412 f78429 7411->7412 7417 f7a719 7411->7417 7413 f78436 7412->7413 7414 f7844c EnterCriticalSection 7412->7414 7415 f78a6f __lock 64 API calls 7413->7415 7414->7411 7416 f7843f 7415->7416 7416->7411 7423 f78497 7417->7423 7419 f7a727 7419->7411 7429 f78996 LeaveCriticalSection 7420->7429 7422 f7a74f 7422->7408 7424 f784a7 7423->7424 7425 f784ba LeaveCriticalSection 7423->7425 7428 f78996 LeaveCriticalSection 7424->7428 7425->7419 7427 f784b7 7427->7419 7428->7427 7429->7422 7431 f7b036 _doexit 7430->7431 7432 f7b05d 7431->7432 7433 f7b048 7431->7433 7440 f7b058 _doexit 7432->7440 7446 f783e8 7432->7446 7434 f74722 _free 64 API calls 7433->7434 7435 f7b04d 7434->7435 7437 f746d0 __fclose_nolock 11 API calls 7435->7437 7437->7440 7440->7401 7539 f78996 LeaveCriticalSection 7443->7539 7445 f7a5c5 7445->7397 7447 f7841c EnterCriticalSection 7446->7447 7448 f783fa 7446->7448 7450 f78412 7447->7450 7448->7447 7449 f78402 7448->7449 7451 f78a6f __lock 64 API calls 7449->7451 7452 f7afbd 7450->7452 7451->7450 7453 f7afe2 7452->7453 7454 f7afce 7452->7454 7456 f7afde 7453->7456 7471 f7a5c7 7453->7471 7455 f74722 _free 64 API calls 7454->7455 7457 f7afd3 7455->7457 7468 f7b096 7456->7468 7459 f746d0 __fclose_nolock 11 API calls 7457->7459 7459->7456 7463 f784c6 __fclose_nolock 64 API calls 7464 f7affc 7463->7464 7481 f7b90b 7464->7481 7466 f7b002 7466->7456 7467 f72dcc _free 64 API calls 7466->7467 7467->7456 7532 f7845b 7468->7532 7470 f7b09c 7470->7440 7472 f7a5e0 7471->7472 7476 f7a602 7471->7476 7473 f784c6 __fclose_nolock 64 API calls 7472->7473 7472->7476 7474 f7a5fb 7473->7474 7475 f7819e __write 95 API calls 7474->7475 7475->7476 7477 f7b9cf 7476->7477 7478 f7b9df 7477->7478 7479 f7aff6 7477->7479 7478->7479 7480 f72dcc _free 64 API calls 7478->7480 7479->7463 7480->7479 7482 f7b917 _doexit 7481->7482 7483 f7b91f 7482->7483 7484 f7b93a 7482->7484 7485 f74735 __write_nolock 64 API calls 7483->7485 7486 f7b946 7484->7486 7489 f7b980 7484->7489 7487 f7b924 7485->7487 7488 f74735 __write_nolock 64 API calls 7486->7488 7490 f74722 _free 64 API calls 7487->7490 7491 f7b94b 7488->7491 7492 f7a2c1 ___lock_fhandle 66 API calls 7489->7492 7501 f7b92c _doexit 7490->7501 7493 f74722 _free 64 API calls 7491->7493 7494 f7b986 7492->7494 7495 f7b953 7493->7495 7496 f7b994 7494->7496 7497 f7b9a0 7494->7497 7498 f746d0 __fclose_nolock 11 API calls 7495->7498 7504 f7b86f 7496->7504 7500 f74722 _free 64 API calls 7497->7500 7498->7501 7502 f7b99a 7500->7502 7501->7466 7519 f7b9c7 7502->7519 7505 f7a258 __close_nolock 64 API calls 7504->7505 7508 f7b87f 7505->7508 7506 f7b8d5 7522 f7a1d2 7506->7522 7508->7506 7509 f7b8b3 7508->7509 7512 f7a258 __close_nolock 64 API calls 7508->7512 7509->7506 7510 f7a258 __close_nolock 64 API calls 7509->7510 7513 f7b8bf CloseHandle 7510->7513 7515 f7b8aa 7512->7515 7513->7506 7516 f7b8cb GetLastError 7513->7516 7514 f7b8ff 7514->7502 7518 f7a258 __close_nolock 64 API calls 7515->7518 7516->7506 7517 f74748 __dosmaperr 64 API calls 7517->7514 7518->7509 7531 f7a360 LeaveCriticalSection 7519->7531 7521 f7b9cd 7521->7501 7523 f7a1e3 7522->7523 7524 f7a23e 7522->7524 7523->7524 7527 f7a20e 7523->7527 7525 f74722 _free 64 API calls 7524->7525 7526 f7a243 7525->7526 7528 f74735 __write_nolock 64 API calls 7526->7528 7529 f7a234 7527->7529 7530 f7a22e SetStdHandle 7527->7530 7528->7529 7529->7514 7529->7517 7530->7529 7531->7521 7533 f7846c 7532->7533 7534 f7848b LeaveCriticalSection 7532->7534 7533->7534 7535 f78473 7533->7535 7534->7470 7538 f78996 LeaveCriticalSection 7535->7538 7537 f78488 7537->7470 7538->7537 7539->7445

              Executed Functions

              Function 00F72C50 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 75stringsynchronizationCOMMON
              Download Yara Rule

              Control-flow Graph

              APIs
              • GetCommandLineA.KERNEL32 ref: 00F72C65
                • Part of subcall function 00F71CA0: lstrlenA.KERNEL32 ref: 00F71CAC
                • Part of subcall function 00F71CA0: GlobalAlloc.KERNEL32(00000000,00000004), ref: 00F71CC5
                • Part of subcall function 00F72910: StrToIntA.SHLWAPI ref: 00F72952
              • StrStrA.SHLWAPI(00000000,/run), ref: 00F72C92
              • wsprintfA.USER32 ref: 00F72CAB
                • Part of subcall function 00F72A50: GetModuleFileNameA.KERNEL32(00000000,?,00000100), ref: 00F72A71
                • Part of subcall function 00F72A50: lstrcpyA.KERNEL32(?,00F7E404), ref: 00F72A80
                • Part of subcall function 00F72A50: CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00F72AA4
                • Part of subcall function 00F72A50: GetLastError.KERNEL32 ref: 00F72AAA
                • Part of subcall function 00F72A50: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00F72ACB
                • Part of subcall function 00F72A50: GetFileSize.KERNEL32(00000000,00000000), ref: 00F72AE0
                • Part of subcall function 00F72A50: ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00F72B03
                • Part of subcall function 00F72A50: CloseHandle.KERNEL32(00000000), ref: 00F72B0A
                • Part of subcall function 00F72A50: lstrcpyA.KERNEL32(00000000,00F7E440), ref: 00F72B30
                • Part of subcall function 00F72A50: CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00F72B3D
                • Part of subcall function 00F72A50: lstrcpyA.KERNEL32(?,00F7E468), ref: 00F72B4F
                • Part of subcall function 00F72A50: wsprintfA.USER32 ref: 00F72B9F
              • lstrcpyA.KERNEL32(?,l5Sxfak`x|S|v|{jb<=Slbk!jwj), ref: 00F72CC2
              • ShellExecuteA.SHELL32(00000000,00000000,00000000,?,00000000,00000000), ref: 00F72CF1
              • ExitProcess.KERNEL32 ref: 00F72CF9
              • OpenMutexA.KERNEL32(001F0001,00000000,MUTEX394039_4830023), ref: 00F72D0B
              • CreateMutexA.KERNELBASE(00000000,00000000,MUTEX394039_4830023), ref: 00F72D1E
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.2667641986.0000000000F71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F70000, based on PE: true
              • Associated: 00000001.00000002.2667620893.0000000000F70000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667665854.0000000000F7C000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667688376.0000000000F80000.00000004.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667707558.0000000000F84000.00000002.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_f70000_guifx.jbxd
              Similarity
              • API ID: CreateFilelstrcpy$DirectoryMutexwsprintf$AllocCloseCommandErrorExecuteExitGlobalHandleLastLineModuleNameOpenProcessReadShellSizelstrlen
              • String ID: /c del /q "%s" >> NUL$/run$MUTEX394039_4830023$l5Sxfak`x|S|v|{jb<=Slbk!jwj
              • API String ID: 1071610658-845142850
              • Opcode ID: e51252fb250bff5a9e9e5085eaf581b65614d518cf0394ffc52df957880ae5a9
              • Instruction ID: d3090efad07cb62854eb09fdd163d1b9c047774d8afc6bcb673cca4ccb755273
              • Opcode Fuzzy Hash: e51252fb250bff5a9e9e5085eaf581b65614d518cf0394ffc52df957880ae5a9
              • Instruction Fuzzy Hash: 3421A771A4020CABD751DBB0DC46FEE7768AF04711F00806BF60DE7182DA749985A7E7
              Function 00F717E0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 139COMMON
              Download Yara Rule

              Control-flow Graph

              APIs
              • GetComputerNameA.KERNEL32(?,?), ref: 00F71812
              • _malloc.LIBCMT ref: 00F71827
                • Part of subcall function 00F72E06: __FF_MSGBANNER.LIBCMT ref: 00F72E1F
                • Part of subcall function 00F72E06: __NMSG_WRITE.LIBCMT ref: 00F72E26
                • Part of subcall function 00F72E06: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,20141104,?,00F7182C,00000288), ref: 00F72E4B
              • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 00F71854
              • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 00F71876
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.2667641986.0000000000F71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F70000, based on PE: true
              • Associated: 00000001.00000002.2667620893.0000000000F70000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667665854.0000000000F7C000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667688376.0000000000F80000.00000004.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667707558.0000000000F84000.00000002.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_f70000_guifx.jbxd
              Similarity
              • API ID: AdaptersInfo$AllocateComputerHeapName_malloc
              • String ID: %2.2X$PIlp
              • API String ID: 2323108929-1622041485
              • Opcode ID: 7817e82a5c08b88c9990408f3f3211af9e1f00c6fed4314e1a8ea0487dedb796
              • Instruction ID: 53ba42a10a3d0b689a939ab3489a9f2e8bb22af8d5adf69408f8a202b54fcd79
              • Opcode Fuzzy Hash: 7817e82a5c08b88c9990408f3f3211af9e1f00c6fed4314e1a8ea0487dedb796
              • Instruction Fuzzy Hash: 5C41F871D001289BCB21DF68DC91BEEB3B9FF55350F0085EAD98D97101DA709E899BD2
              Function 00F712A0 Relevance: 4.6, APIs: 3, Instructions: 133networksleepCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 169 f712a0-f712de call f7a500 172 f712e0-f712eb 169->172 173 f712ef-f71317 172->173 174 f712ed 172->174 175 f713cf-f713e4 173->175 176 f7131d-f7132b 173->176 174->173 178 f71427-f71429 175->178 179 f713e6-f713f9 send 175->179 177 f71331-f713bd 176->177 177->177 180 f713c3-f713c9 177->180 178->172 183 f7142f-f71442 call f72d39 178->183 181 f71401-f71404 179->181 182 f713fb-f713ff 179->182 180->175 184 f71422-f71425 181->184 185 f71406-f71411 WSAGetLastError 181->185 182->184 184->178 184->179 187 f71443-f71455 call f72d39 185->187 188 f71413-f71418 185->188 188->187 190 f7141a-f7141c Sleep 188->190 190->184
              APIs
              • send.WS2_32(?,?,00004C5B,00000000), ref: 00F713F1
              • WSAGetLastError.WS2_32 ref: 00F71406
              • Sleep.KERNEL32(0000000A), ref: 00F7141C
              Memory Dump Source
              • Source File: 00000001.00000002.2667641986.0000000000F71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F70000, based on PE: true
              • Associated: 00000001.00000002.2667620893.0000000000F70000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667665854.0000000000F7C000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667688376.0000000000F80000.00000004.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667707558.0000000000F84000.00000002.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_f70000_guifx.jbxd
              Similarity
              • API ID: ErrorLastSleepsend
              • String ID:
              • API String ID: 4076785223-0
              • Opcode ID: 32c63204bd85214f468d4416bc2f7f323d6ee9aa190cad0b0a4abe5a4c7a830c
              • Instruction ID: 935425daae9932427db705221c6e46ed79279f6c817d0240f5e74313567a044d
              • Opcode Fuzzy Hash: 32c63204bd85214f468d4416bc2f7f323d6ee9aa190cad0b0a4abe5a4c7a830c
              • Instruction Fuzzy Hash: 04418132F002288BDB25CF6D988059AF7A9AB8A320F4145AED44DE7641D7345F88DB52
              Function 00F71570 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 120registrystringCOMMON
              Download Yara Rule

              Control-flow Graph

              APIs
              • _memset.LIBCMT ref: 00F715C4
              • _memset.LIBCMT ref: 00F71605
              • _memset.LIBCMT ref: 00F71618
              • lstrcpyA.KERNEL32(?,00F7E2A3), ref: 00F71626
              • RegOpenKeyExA.KERNELBASE(80000002,00000000,00000000,00020019,?,?,00F7E2A3), ref: 00F71663
              • _memset.LIBCMT ref: 00F716B3
              • RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,00000100,?,?,00F7E2A3), ref: 00F716D5
              • lstrcatA.KERNEL32(?,?,?,?,00F7E2A3), ref: 00F716E3
              • lstrcatA.KERNEL32(?,00F7E2A4,?,?,?,?,00F7E2A3), ref: 00F716EF
              • RegCloseKey.KERNELBASE(?,?,?,00F7E2A3), ref: 00F71707
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.2667641986.0000000000F71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F70000, based on PE: true
              • Associated: 00000001.00000002.2667620893.0000000000F70000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667665854.0000000000F7C000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667688376.0000000000F80000.00000004.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667707558.0000000000F84000.00000002.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_f70000_guifx.jbxd
              Similarity
              • API ID: _memset$lstrcat$CloseOpenQueryValuelstrcpy
              • String ID: L\KYj}|f`a$\@I[XN]JSBfl}`|`i{SXfak`x|/A[SLz}}ja{Yj}|f`aS$_}`kzl{Anbj
              • API String ID: 3930758678-146727092
              • Opcode ID: 69e0000727053dd2735e98652612dec84e783048eefd7d1b0b4c51d58aef93bc
              • Instruction ID: ea0afd55cc47194321afb0bc41da11402fe05090caee407471e1c9bb1a3518f9
              • Opcode Fuzzy Hash: 69e0000727053dd2735e98652612dec84e783048eefd7d1b0b4c51d58aef93bc
              • Instruction Fuzzy Hash: DC419071E00218ABDB21DB64DC45F9AB7B9AB48704F1080DAF50DA7182DBB05A85EF92
              Function 00F727E0 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 94sleepnetworkCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 81 f727e0-f72819 WSAStartup 82 f7281f-f7282b 81->82 83 f728ee-f72902 call f72d39 81->83 85 f7282d-f7282f 82->85 86 f7283b-f7283d 82->86 89 f72830-f72839 85->89 87 f72840-f72863 call f71460 86->87 92 f72865-f72869 87->92 93 f728a0-f728a9 call f719a0 call f71b60 87->93 89->86 89->89 94 f7288b-f7289e Sleep 92->94 95 f7286b-f72871 92->95 100 f728ae-f728b0 93->100 94->87 95->94 97 f72873-f72889 Sleep 95->97 97->87 101 f728b5-f728d3 call f72750 recv 100->101 102 f728b2-f728b3 100->102 105 f728d5-f728d6 closesocket 101->105 106 f728dc-f728e9 Sleep 101->106 102->87 105->106 106->87
              APIs
              • WSAStartup.WS2_32 ref: 00F72811
              • Sleep.KERNEL32(00A4CB80), ref: 00F7287B
              • Sleep.KERNEL32(?), ref: 00F72890
              • recv.WS2_32(00000000,?,0000000A,00000000), ref: 00F728CB
              • closesocket.WS2_32(00000000), ref: 00F728D6
              • Sleep.KERNEL32(0036EE80), ref: 00F728E3
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.2667641986.0000000000F71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F70000, based on PE: true
              • Associated: 00000001.00000002.2667620893.0000000000F70000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667665854.0000000000F7C000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667688376.0000000000F80000.00000004.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667707558.0000000000F84000.00000002.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_f70000_guifx.jbxd
              Similarity
              • API ID: Sleep$Startupclosesocketrecv
              • String ID: 165.194.123.67$`$`
              • API String ID: 1594183973-349415539
              • Opcode ID: 00f483b826113eae44ae26eb5fbc399cd235d1415e05b37642c7d99fe23dabf2
              • Instruction ID: 80d494bfb187175e4384fdfa65ad3bfb1c1812883a6afaec935622e7022463a4
              • Opcode Fuzzy Hash: 00f483b826113eae44ae26eb5fbc399cd235d1415e05b37642c7d99fe23dabf2
              • Instruction Fuzzy Hash: 3A3105B2A002049BE3649B34AC44B6B7698FB85314F40842FF94EC6152EB399805E793
              Function 00F71B60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 99memorynetworksleepCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 107 f71b60-f71b71 108 f71b72-f71b7a 107->108 109 f71b80-f71b8d recv 108->109 110 f71b95-f71b98 109->110 111 f71b8f-f71b93 109->111 113 f71b9e-f71ba9 WSAGetLastError 110->113 114 f71c8c-f71c9d call f72d39 110->114 112 f71bc2-f71bc4 111->112 112->109 116 f71bc6-f71bcd 112->116 113->114 115 f71baf-f71bb4 113->115 115->114 118 f71bba-f71bbc Sleep 115->118 119 f71bd3-f71bfa GetProcessHeap 116->119 120 f71c5e-f71c72 call f72d39 116->120 118->112 119->114 125 f71c00-f71c1b 119->125 126 f71c52-f71c59 125->126 127 f71c1d-f71c36 call f71b00 125->127 126->108 130 f71c73-f71c86 GetProcessHeap HeapFree 127->130 131 f71c38-f71c4d call f71020 127->131 130->114 131->126
              APIs
              • recv.WS2_32(?,?,00000010,00000000), ref: 00F71B85
              • WSAGetLastError.WS2_32(?,?,00000010,00000000), ref: 00F71B9E
              • Sleep.KERNEL32(0000000A,?,?,00000010,00000000), ref: 00F71BBC
              • GetProcessHeap.KERNEL32(00000008,?,?,?,00000010,00000000), ref: 00F71BE2
              • HeapAlloc.KERNEL32(00000000,?,?,00000010,00000000), ref: 00F71BE5
              • GetProcessHeap.KERNEL32(00000000), ref: 00F71C83
              • HeapFree.KERNEL32(00000000), ref: 00F71C86
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.2667641986.0000000000F71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F70000, based on PE: true
              • Associated: 00000001.00000002.2667620893.0000000000F70000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667665854.0000000000F7C000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667688376.0000000000F80000.00000004.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667707558.0000000000F84000.00000002.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_f70000_guifx.jbxd
              Similarity
              • API ID: Heap$Process$AllocErrorFreeLastSleeprecv
              • String ID: ]Vw
              • API String ID: 4059495080-1841013464
              • Opcode ID: 1b0b4347a0d46f461995b5d4488d16fe44d528292f4aa02e09d68379790a5b64
              • Instruction ID: c18f1316b7d31f9b84e060e479f0e6d2c32a8bb67c9a9c53f67312b1968b0cd8
              • Opcode Fuzzy Hash: 1b0b4347a0d46f461995b5d4488d16fe44d528292f4aa02e09d68379790a5b64
              • Instruction Fuzzy Hash: D5319475E00208DBD710DFA8DC45BEAB7B8FB84360F14855AE80AD7391D734A945EBA2
              Function 00F719A0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 97networkstringCOMMON
              Download Yara Rule

              Control-flow Graph

              APIs
              • GetUserNameA.ADVAPI32(?,?), ref: 00F719CD
                • Part of subcall function 00F71720: _memset.LIBCMT ref: 00F71742
                • Part of subcall function 00F71720: GetVersionExA.KERNEL32(?), ref: 00F71761
                • Part of subcall function 00F71720: GetVersionExA.KERNEL32(0000009C), ref: 00F71778
                • Part of subcall function 00F71570: _memset.LIBCMT ref: 00F715C4
                • Part of subcall function 00F71570: _memset.LIBCMT ref: 00F71605
                • Part of subcall function 00F71570: _memset.LIBCMT ref: 00F71618
                • Part of subcall function 00F71570: lstrcpyA.KERNEL32(?,00F7E2A3), ref: 00F71626
                • Part of subcall function 00F71570: RegOpenKeyExA.KERNELBASE(80000002,00000000,00000000,00020019,?,?,00F7E2A3), ref: 00F71663
                • Part of subcall function 00F71570: _memset.LIBCMT ref: 00F716B3
                • Part of subcall function 00F71570: RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,00000100,?,?,00F7E2A3), ref: 00F716D5
              • _sprintf.LIBCMT ref: 00F71A08
              • lstrlenA.KERNEL32(?), ref: 00F71A17
              • WSAStartup.WS2_32(00000002,?), ref: 00F71A2D
              • gethostname.WS2_32(?,000000FF), ref: 00F71A43
              • gethostbyname.WS2_32(?), ref: 00F71A54
              • WSACleanup.WS2_32 ref: 00F71A67
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.2667641986.0000000000F71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F70000, based on PE: true
              • Associated: 00000001.00000002.2667620893.0000000000F70000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667665854.0000000000F7C000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667688376.0000000000F80000.00000004.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667707558.0000000000F84000.00000002.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_f70000_guifx.jbxd
              Similarity
              • API ID: _memset$Version$CleanupNameOpenQueryStartupUserValue_sprintfgethostbynamegethostnamelstrcpylstrlen
              • String ID: %s/%s
              • API String ID: 396611607-2758257063
              • Opcode ID: ef7c670b46912e112677aa1999a007bda571aba83a9f261e3edcb69f0d83f4f3
              • Instruction ID: 4d9bda5caf7fd4261a879beaf59feed929e726898c7451c0386124b19863e603
              • Opcode Fuzzy Hash: ef7c670b46912e112677aa1999a007bda571aba83a9f261e3edcb69f0d83f4f3
              • Instruction Fuzzy Hash: D93163B1E001099FDB24DF64DC85EAA7779FB44740F0081AEE50D97241EA349E89DF95
              Function 00F71460 Relevance: 12.1, APIs: 8, Instructions: 98networkCOMMON
              Download Yara Rule

              Control-flow Graph

              APIs
              • gethostbyname.WS2_32(?), ref: 00F71476
              • WSAGetLastError.WS2_32 ref: 00F71482
              • socket.WS2_32(00000002,00000001,00000000), ref: 00F714A0
              • htons.WS2_32(?), ref: 00F714D6
              • connect.WS2_32(00000000,?,00000010), ref: 00F714E7
              • closesocket.WS2_32(00000000), ref: 00F714F3
              Memory Dump Source
              • Source File: 00000001.00000002.2667641986.0000000000F71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F70000, based on PE: true
              • Associated: 00000001.00000002.2667620893.0000000000F70000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667665854.0000000000F7C000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667688376.0000000000F80000.00000004.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667707558.0000000000F84000.00000002.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_f70000_guifx.jbxd
              Similarity
              • API ID: ErrorLastclosesocketconnectgethostbynamehtonssocket
              • String ID:
              • API String ID: 1599336672-0
              • Opcode ID: 77cb1a40392bbbab8ab89de4cba57057c33e35ae5d2d9b541629fb12e292c72f
              • Instruction ID: 0b2099b7a45efbbf5fe3113729058dbc7c14057304128f6b45aae8b366639968
              • Opcode Fuzzy Hash: 77cb1a40392bbbab8ab89de4cba57057c33e35ae5d2d9b541629fb12e292c72f
              • Instruction Fuzzy Hash: 8C318475A00118AFDB10DFA8DC45BEEB7B9EF48310F50416EF909E7281DBB45A049BA2

              Non-executed Functions

              Function 00F7306D Relevance: 7.6, APIs: 5, Instructions: 68COMMONLIBRARYCODE
              Download Yara Rule
              APIs
              • _malloc.LIBCMT ref: 00F7307B
                • Part of subcall function 00F72E06: __FF_MSGBANNER.LIBCMT ref: 00F72E1F
                • Part of subcall function 00F72E06: __NMSG_WRITE.LIBCMT ref: 00F72E26
                • Part of subcall function 00F72E06: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,20141104,?,00F7182C,00000288), ref: 00F72E4B
              • _free.LIBCMT ref: 00F7308E
              Memory Dump Source
              • Source File: 00000001.00000002.2667641986.0000000000F71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F70000, based on PE: true
              • Associated: 00000001.00000002.2667620893.0000000000F70000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667665854.0000000000F7C000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667688376.0000000000F80000.00000004.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667707558.0000000000F84000.00000002.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_f70000_guifx.jbxd
              Similarity
              • API ID: AllocateHeap_free_malloc
              • String ID:
              • API String ID: 1020059152-0
              • Opcode ID: 010662604e8ac34203535eb35818bf510524cb21b2279fe830c12e4ef3c9b4f4
              • Instruction ID: c27587f7a376fc0314681b258e83abb94a9693e218d95c00f9b46c778c05047f
              • Opcode Fuzzy Hash: 010662604e8ac34203535eb35818bf510524cb21b2279fe830c12e4ef3c9b4f4
              • Instruction Fuzzy Hash: F3118F32940615BBCB313B74AC057AA37A8BF413B4B20C52BF98C96150DB39DA81B697
              Function 00F72D39 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
              Download Yara Rule
              APIs
              • IsDebuggerPresent.KERNEL32 ref: 00F73744
              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00F73759
              • UnhandledExceptionFilter.KERNEL32(00F7C268), ref: 00F73764
              • GetCurrentProcess.KERNEL32(C0000409), ref: 00F73780
              • TerminateProcess.KERNEL32(00000000), ref: 00F73787
              Memory Dump Source
              • Source File: 00000001.00000002.2667641986.0000000000F71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F70000, based on PE: true
              • Associated: 00000001.00000002.2667620893.0000000000F70000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667665854.0000000000F7C000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667688376.0000000000F80000.00000004.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667707558.0000000000F84000.00000002.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_f70000_guifx.jbxd
              Similarity
              • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
              • String ID:
              • API String ID: 2579439406-0
              • Opcode ID: 3b9e186f8345d4a93b067845c0f19c660548ebc3619f9ba6a4351a0de3c93113
              • Instruction ID: eec1e2ed10ed78b247837d0604c8c85ed64442a6c20783c976f45d92fa052d07
              • Opcode Fuzzy Hash: 3b9e186f8345d4a93b067845c0f19c660548ebc3619f9ba6a4351a0de3c93113
              • Instruction Fuzzy Hash: C721E2B5804248DFC750DF24ED46AA43BB8FB08310F50821AE60D97260EB7059C6FF52
              Function 00F722A0 Relevance: 89.6, APIs: 39, Strings: 12, Instructions: 375stringCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 293 f722a0-f722be 294 f722c4-f72351 call f768f0 * 2 call f733c9 call f733a2 call f79a20 lstrcpyA 293->294 295 f72733-f72743 call f72d39 293->295 308 f72353 294->308 309 f72360-f723a3 wsprintfA 294->309 311 f72355-f7235e 308->311 310 f723a6-f723ab 309->310 310->310 312 f723ad-f723e7 call f712a0 lstrcmpA 310->312 311->309 311->311 312->295 315 f723ed-f72409 call f71ca0 312->315 318 f7240b 315->318 319 f72419-f72425 lstrcmpA 315->319 320 f72410-f72417 318->320 321 f724be-f724ca lstrcmpA 319->321 322 f7242b-f72455 lstrcpyA StrToIntA 319->322 320->319 320->320 325 f725b4-f725c0 lstrcmpA 321->325 326 f724d0-f724d3 321->326 323 f72457-f72459 322->323 324 f7246b-f724b9 wsprintfA lstrlenA 322->324 330 f72460-f72469 323->330 331 f726f4-f72720 call f712a0 call f72d39 324->331 328 f725c6-f725d7 StrChrA 325->328 329 f72671-f7267d lstrcmpA 325->329 327 f724d6 call f71dc0 326->327 332 f724db-f724dd 327->332 333 f725de 328->333 334 f725d9-f725dc 328->334 336 f72683-f72686 329->336 337 f72721-f72725 329->337 330->324 330->330 339 f724df-f72514 lstrcpyA call f71000 lstrcatA lstrlenA 332->339 340 f72519-f72542 lstrcpyA call f71000 lstrcatA 332->340 342 f725e1 call f71f10 333->342 341 f725ed-f7262b lstrcpyA call f71000 lstrcatA * 2 lstrlenA 334->341 344 f72689 call f71dc0 336->344 338 f7272b call f72000 337->338 346 f72730 338->346 361 f726f3 339->361 362 f72545 call f71f10 340->362 341->361 349 f725e6-f725eb 342->349 345 f7268e-f72690 344->345 352 f726b3-f726d3 lstrcpyA call f71000 345->352 353 f72692-f726b1 lstrcpyA call f71000 345->353 346->295 349->341 356 f72630-f7266c lstrcpyA call f71000 lstrcpyA lstrcatA lstrlenA 349->356 368 f726d4-f726e0 lstrcatA 352->368 353->368 356->361 361->331 366 f7254a-f7254f 362->366 369 f72571-f7258f lstrcpyA call f71000 lstrcpyA 366->369 370 f72551-f7256f lstrcpyA call f71000 lstrcatA 366->370 371 f726e3-f726e8 368->371 377 f72591-f725af lstrcatA lstrlenA 369->377 370->377 371->371 374 f726ea-f726f2 371->374 374->361 377->361
              APIs
              • _memset.LIBCMT ref: 00F722D9
              • _memset.LIBCMT ref: 00F722F6
              • __time64.LIBCMT ref: 00F72300
                • Part of subcall function 00F733C9: GetSystemTimeAsFileTime.KERNEL32(00F72305,?,?,?,00F72305,00000000), ref: 00F733D4
                • Part of subcall function 00F733C9: __aulldiv.LIBCMT ref: 00F733F4
              • __localtime64.LIBCMT ref: 00F7231B
                • Part of subcall function 00F733A2: __localtime64_s.LIBCMT ref: 00F733B7
              • _memmove.LIBCMT ref: 00F72331
              • lstrcpyA.KERNEL32(?,_]@LJ\\JK/N[), ref: 00F72348
              • wsprintfA.USER32 ref: 00F72394
              • lstrcmpA.KERNEL32(00000000,00F7E2A3), ref: 00F723E3
              • lstrcmpA.KERNEL32(?,+fa{j}ync), ref: 00F72421
              • lstrcpyA.KERNEL32(00000000,Fa{j}ync/f|/|j{/{`,?,+fa{j}ync), ref: 00F72434
              • StrToIntA.SHLWAPI(?,?,+fa{j}ync), ref: 00F7243A
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.2667641986.0000000000F71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F70000, based on PE: true
              • Associated: 00000001.00000002.2667620893.0000000000F70000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667665854.0000000000F7C000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667688376.0000000000F80000.00000004.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667707558.0000000000F84000.00000002.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_f70000_guifx.jbxd
              Similarity
              • API ID: Time_memsetlstrcmplstrcpy$FileSystem__aulldiv__localtime64__localtime64_s__time64_memmovewsprintf
              • String ID: CMD:%s %s %d/%d/%d %d:%d:%d$%s %d min$+fa{j}ync$+jwjl$+k`xac`nk$+k`xac`nkjwjl$Fa{j}ync/f|/|j{/{`$Jwjlz{f`a/infcz}j$Jwjlz{f`a/|zllj||$K`xac`nk/infcz}j$K`xac`nk/|zllj||$_]@LJ\\JK/N[
              • API String ID: 1549752644-755128454
              • Opcode ID: b30f2b68a2c7b4208b29b5bdbf4735c1f6f075e4678f21743320af0f65fa438b
              • Instruction ID: f3f333c8f66c35f3a485f5963ab878d38ffad4d39bfd39481da373dcba113bb1
              • Opcode Fuzzy Hash: b30f2b68a2c7b4208b29b5bdbf4735c1f6f075e4678f21743320af0f65fa438b
              • Instruction Fuzzy Hash: CCD18B7190020C9BD764DB74DC41FEA77B9AF48304F00C5ABE54ED7141EA34EA85ABE6
              Function 00F759CF Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 109libraryloadermemoryCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 378 f759cf-f759e1 GetModuleHandleW 379 f759e3-f759eb call f7571c 378->379 380 f759ec-f75a34 GetProcAddress * 4 378->380 381 f75a36-f75a3d 380->381 382 f75a4c-f75a6b 380->382 381->382 384 f75a3f-f75a46 381->384 385 f75a70-f75a7e TlsAlloc 382->385 384->382 387 f75a48-f75a4a 384->387 388 f75b45 385->388 389 f75a84-f75a8f TlsSetValue 385->389 387->382 387->385 391 f75b47-f75b49 388->391 389->388 390 f75a95-f75adb call f747de EncodePointer * 4 call f788f5 389->390 396 f75b40 call f7571c 390->396 397 f75add-f75afa DecodePointer 390->397 396->388 397->396 400 f75afc-f75b0e call f78554 397->400 400->396 403 f75b10-f75b23 DecodePointer 400->403 403->396 405 f75b25-f75b3e call f75759 GetCurrentThreadId 403->405 405->391
              APIs
              • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,00F7359C), ref: 00F759D7
              • __mtterm.LIBCMT ref: 00F759E3
                • Part of subcall function 00F7571C: DecodePointer.KERNEL32(00000005,00F75B45,?,00F7359C), ref: 00F7572D
                • Part of subcall function 00F7571C: TlsFree.KERNEL32(00000015,00F75B45,?,00F7359C), ref: 00F75747
                • Part of subcall function 00F7571C: DeleteCriticalSection.KERNEL32(00000000,00000000,775857D0,?,00F75B45,?,00F7359C), ref: 00F7895C
                • Part of subcall function 00F7571C: _free.LIBCMT ref: 00F7895F
                • Part of subcall function 00F7571C: DeleteCriticalSection.KERNEL32(00000015,775857D0,?,00F75B45,?,00F7359C), ref: 00F78986
              • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00F759F9
              • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00F75A06
              • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00F75A13
              • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00F75A20
              • TlsAlloc.KERNEL32(?,00F7359C), ref: 00F75A70
              • TlsSetValue.KERNEL32(00000000,?,00F7359C), ref: 00F75A8B
              • __init_pointers.LIBCMT ref: 00F75A95
              • EncodePointer.KERNEL32(?,00F7359C), ref: 00F75AA6
              • EncodePointer.KERNEL32(?,00F7359C), ref: 00F75AB3
              • EncodePointer.KERNEL32(?,00F7359C), ref: 00F75AC0
              • EncodePointer.KERNEL32(?,00F7359C), ref: 00F75ACD
              • DecodePointer.KERNEL32(00F758A0,?,00F7359C), ref: 00F75AEE
              • __calloc_crt.LIBCMT ref: 00F75B03
              • DecodePointer.KERNEL32(00000000,?,00F7359C), ref: 00F75B1D
              • GetCurrentThreadId.KERNEL32 ref: 00F75B2F
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.2667641986.0000000000F71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F70000, based on PE: true
              • Associated: 00000001.00000002.2667620893.0000000000F70000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667665854.0000000000F7C000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667688376.0000000000F80000.00000004.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667707558.0000000000F84000.00000002.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_f70000_guifx.jbxd
              Similarity
              • API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm_free
              • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
              • API String ID: 3698121176-3819984048
              • Opcode ID: a284a763471fd87f0181f3f9e9e18ff53b5d2c5e760292060acb2b42174ba524
              • Instruction ID: f9d1e36ba616e44d8e127904603bdbdce3bbb48611584313fbe9c95f23e9f577
              • Opcode Fuzzy Hash: a284a763471fd87f0181f3f9e9e18ff53b5d2c5e760292060acb2b42174ba524
              • Instruction Fuzzy Hash: 2931B33180270D9ED7206B79AC596F93FA8BB84B70B45462BE418A31B0DBB48443FF43
              Function 00F72000 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 194sleepprocessfileCOMMON
              Download Yara Rule

              Control-flow Graph

              APIs
              • _memset.LIBCMT ref: 00F72031
              • _memset.LIBCMT ref: 00F72049
              • lstrcpyA.KERNEL32(?,L5Sxfak`x|S|v|{jb<=Slbk!jwj), ref: 00F7205D
              • _sprintf.LIBCMT ref: 00F72091
              • CreatePipe.KERNEL32 ref: 00F720CD
              • _memset.LIBCMT ref: 00F720DD
              • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000000,00000000,00000000,00000044,?), ref: 00F7215D
              • Sleep.KERNEL32(000001F4), ref: 00F72196
              • WaitForSingleObject.KERNEL32(?,0002BF20), ref: 00F721A4
              • GetExitCodeProcess.KERNEL32(?,?), ref: 00F721B8
              • TerminateProcess.KERNEL32(?,00000000), ref: 00F721D6
              • CloseHandle.KERNEL32(?), ref: 00F721E9
              • CloseHandle.KERNEL32(?), ref: 00F721F2
              • CloseHandle.KERNEL32(?), ref: 00F721FB
              • CloseHandle.KERNEL32(?), ref: 00F7220F
              • CloseHandle.KERNEL32(?), ref: 00F72218
              • ReadFile.KERNEL32(?,?,00001FA0,00000001,00000000), ref: 00F7223B
              • CloseHandle.KERNEL32(?), ref: 00F72284
                • Part of subcall function 00F712A0: send.WS2_32(?,?,00004C5B,00000000), ref: 00F713F1
              • Sleep.KERNEL32(0000000A,?,?,?,?,?,?,00040000), ref: 00F72279
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.2667641986.0000000000F71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F70000, based on PE: true
              • Associated: 00000001.00000002.2667620893.0000000000F70000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667665854.0000000000F7C000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667688376.0000000000F80000.00000004.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667707558.0000000000F84000.00000002.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_f70000_guifx.jbxd
              Similarity
              • API ID: CloseHandle$Process_memset$CreateSleep$CodeExitFileObjectPipeReadSingleTerminateWait_sprintflstrcpysend
              • String ID: %s /c %s$D$L5Sxfak`x|S|v|{jb<=Slbk!jwj
              • API String ID: 2039536558-3632673802
              • Opcode ID: 4e7548a960c05010b2c98de1afbdfac7a5f6909df5571e6a5a7d689bec6272e4
              • Instruction ID: e5fefd89f3571774465994413294eec31cbac53d2e9c8580a6b91abd6fbef157
              • Opcode Fuzzy Hash: 4e7548a960c05010b2c98de1afbdfac7a5f6909df5571e6a5a7d689bec6272e4
              • Instruction Fuzzy Hash: 307113F1E00218AFDB24DBA5DC809EEB7B8EB48310F4081DAF70DA7151D6745E849F96
              Function 00F72A50 Relevance: 35.2, APIs: 19, Strings: 1, Instructions: 159filestringprocessCOMMON
              Download Yara Rule

              Control-flow Graph

              APIs
              • GetModuleFileNameA.KERNEL32(00000000,?,00000100), ref: 00F72A71
              • lstrcpyA.KERNEL32(?,00F7E404), ref: 00F72A80
              • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00F72AA4
              • GetLastError.KERNEL32 ref: 00F72AAA
              • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00F72ACB
              • GetFileSize.KERNEL32(00000000,00000000), ref: 00F72AE0
              • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00F72B03
              • CloseHandle.KERNEL32(00000000), ref: 00F72B0A
              • lstrcpyA.KERNEL32(00000000,00F7E440), ref: 00F72B30
              • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00F72B3D
              • lstrcpyA.KERNEL32(?,00F7E468), ref: 00F72B4F
              • lstrcpyA.KERNEL32(?,00F7E41C), ref: 00F72B6A
              • wsprintfA.USER32 ref: 00F72B9F
              • CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00F72BC1
              • WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 00F72BE6
              • GetTickCount.KERNEL32 ref: 00F72BE8
              • WriteFile.KERNEL32(00000000,?,00000004,?,00000000), ref: 00F72C07
              • CloseHandle.KERNEL32(00000000), ref: 00F72C0A
              • WinExec.KERNEL32(?,00000000), ref: 00F72C2D
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.2667641986.0000000000F71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F70000, based on PE: true
              • Associated: 00000001.00000002.2667620893.0000000000F70000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667665854.0000000000F7C000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667688376.0000000000F80000.00000004.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667707558.0000000000F84000.00000002.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_f70000_guifx.jbxd
              Similarity
              • API ID: File$Createlstrcpy$CloseDirectoryHandleWrite$CountErrorExecLastModuleNameReadSizeTickwsprintf
              • String ID: "%s" /run
              • API String ID: 3411283918-4208677260
              • Opcode ID: 57f9cb579983cf4004f7382d339f05c9c4c85e38c62489b875adac574ab126f0
              • Instruction ID: d0e59cba7c4d89641416743150bf9c87edb486f7e28f14561fcb6461e78dab01
              • Opcode Fuzzy Hash: 57f9cb579983cf4004f7382d339f05c9c4c85e38c62489b875adac574ab126f0
              • Instruction Fuzzy Hash: 46518371940218EBEB20EB74DC49FEA7778AB44710F00429AF60DE7091DB755A85DBE3
              Function 00F71D9E Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 128filenetworkCOMMON
              Download Yara Rule
              APIs
              • GetTempPathA.KERNEL32(00000100,?), ref: 00F71DF9
              • SetCurrentDirectoryA.KERNEL32(?), ref: 00F71E06
              • DeleteUrlCacheEntry.WININET ref: 00F71E0D
              • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00F71E29
              • URLOpenBlockingStreamA.URLMON(00000000,?,?,00000000,00000000), ref: 00F71E45
              • _memset.LIBCMT ref: 00F71E6C
              • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 00F71EBB
              • _memset.LIBCMT ref: 00F71ECB
              • CloseHandle.KERNEL32(00000000), ref: 00F71EEB
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.2667641986.0000000000F71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F70000, based on PE: true
              • Associated: 00000001.00000002.2667620893.0000000000F70000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667665854.0000000000F7C000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667688376.0000000000F80000.00000004.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667707558.0000000000F84000.00000002.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_f70000_guifx.jbxd
              Similarity
              • API ID: File_memset$BlockingCacheCloseCreateCurrentDeleteDirectoryEntryHandleOpenPathStreamTempWrite
              • String ID: P6u$sec.exe
              • API String ID: 1790114914-3636431342
              • Opcode ID: 83b5be733cc22d340bb81287750e7a6542f7dc87fec1ddeeffce17a3f3e00c08
              • Instruction ID: 84464d013bcddf9c91f65dd414f3e3be90661b76584906d9696bc4601219393b
              • Opcode Fuzzy Hash: 83b5be733cc22d340bb81287750e7a6542f7dc87fec1ddeeffce17a3f3e00c08
              • Instruction Fuzzy Hash: 4F317371900118AFD750DB68DC80FEAB7BCFF45714F0481A9EA48D7141DA706E8A9BE2
              Function 00F71DC0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 106filenetworkCOMMON
              Download Yara Rule
              APIs
              • GetTempPathA.KERNEL32(00000100,?), ref: 00F71DF9
              • SetCurrentDirectoryA.KERNEL32(?), ref: 00F71E06
              • DeleteUrlCacheEntry.WININET ref: 00F71E0D
              • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00F71E29
              • URLOpenBlockingStreamA.URLMON(00000000,?,?,00000000,00000000), ref: 00F71E45
              • _memset.LIBCMT ref: 00F71E6C
              • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 00F71EBB
              • _memset.LIBCMT ref: 00F71ECB
              • CloseHandle.KERNEL32(00000000), ref: 00F71EEB
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.2667641986.0000000000F71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F70000, based on PE: true
              • Associated: 00000001.00000002.2667620893.0000000000F70000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667665854.0000000000F7C000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667688376.0000000000F80000.00000004.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667707558.0000000000F84000.00000002.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_f70000_guifx.jbxd
              Similarity
              • API ID: File_memset$BlockingCacheCloseCreateCurrentDeleteDirectoryEntryHandleOpenPathStreamTempWrite
              • String ID: P6u$sec.exe
              • API String ID: 1790114914-3636431342
              • Opcode ID: 69de87842736d7411650291c36c5ad29657e2f9d01721d04f0ee5643001d2ba6
              • Instruction ID: f81adaefa761162502c2b619f72a732292cca021914183f6091f5230da331686
              • Opcode Fuzzy Hash: 69de87842736d7411650291c36c5ad29657e2f9d01721d04f0ee5643001d2ba6
              • Instruction Fuzzy Hash: 02313275900118AFD760DB58DC80FEAB3BCFB44714F04C1A9AA49E7141DA706E899BE2
              Function 00F729A0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 71registrystringCOMMON
              Download Yara Rule
              APIs
              • lstrcpyA.KERNEL32(?,\`i{xn}jSBfl}`|`i{SXfak`x|SLz}}ja{Yj}|f`aS]za), ref: 00F729C3
              • RegCreateKeyA.ADVAPI32(80000001,?,?), ref: 00F729E7
              • lstrcpyA.KERNEL32(?,00F7E3F8), ref: 00F729FB
              • lstrlenA.KERNEL32 ref: 00F72A12
              • RegSetValueExA.ADVAPI32(?,?,00000000,00000001,?,00000000), ref: 00F72A26
              • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00F72A37
              Strings
              • \`i{xn}jSBfl}`|`i{SXfak`x|SLz}}ja{Yj}|f`aS]za, xrefs: 00F729B8
              Memory Dump Source
              • Source File: 00000001.00000002.2667641986.0000000000F71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F70000, based on PE: true
              • Associated: 00000001.00000002.2667620893.0000000000F70000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667665854.0000000000F7C000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667688376.0000000000F80000.00000004.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667707558.0000000000F84000.00000002.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_f70000_guifx.jbxd
              Similarity
              • API ID: lstrcpy$CloseCreateValuelstrlen
              • String ID: \`i{xn}jSBfl}`|`i{SXfak`x|SLz}}ja{Yj}|f`aS]za
              • API String ID: 4056970110-2895997472
              • Opcode ID: 8b0dda1814a33f08fab2a820ac33032829dd29f8b93b4dff9f6beb32b76606f3
              • Instruction ID: 59c19fba008410399a4236d12b3f1f1f32dd33a22e5f1c771b14fa13012b8f58
              • Opcode Fuzzy Hash: 8b0dda1814a33f08fab2a820ac33032829dd29f8b93b4dff9f6beb32b76606f3
              • Instruction Fuzzy Hash: 9B215E71E0434CEBEB15DBB4DC849EEBB7DEB45710F00806EE509EB141E6749984EBA2
              Function 00F75759 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMONLIBRARYCODE
              Download Yara Rule
              APIs
              • GetModuleHandleW.KERNEL32(KERNEL32.DLL,00F7E798,00000008,00F75861,00000000,00000000,?,?,00F74727,00F72E8F,20141104,?,00F7182C,00000288), ref: 00F7576A
              • __lock.LIBCMT ref: 00F7579E
                • Part of subcall function 00F78A6F: __mtinitlocknum.LIBCMT ref: 00F78A85
                • Part of subcall function 00F78A6F: __amsg_exit.LIBCMT ref: 00F78A91
                • Part of subcall function 00F78A6F: EnterCriticalSection.KERNEL32(?,?,?,00F757A3,0000000D), ref: 00F78A99
              • InterlockedIncrement.KERNEL32(00F801C0), ref: 00F757AB
              • __lock.LIBCMT ref: 00F757BF
              • ___addlocaleref.LIBCMT ref: 00F757DD
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.2667641986.0000000000F71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F70000, based on PE: true
              • Associated: 00000001.00000002.2667620893.0000000000F70000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667665854.0000000000F7C000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667688376.0000000000F80000.00000004.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667707558.0000000000F84000.00000002.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_f70000_guifx.jbxd
              Similarity
              • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
              • String ID: KERNEL32.DLL
              • API String ID: 637971194-2576044830
              • Opcode ID: 0516eed2500e2c7981571ca41433e31e84efe1262071c9574328a4d7381224f4
              • Instruction ID: b86249bb5f7534b370dbd1466059284dc9eca67959c10b9a5da1a73fb25b984f
              • Opcode Fuzzy Hash: 0516eed2500e2c7981571ca41433e31e84efe1262071c9574328a4d7381224f4
              • Instruction Fuzzy Hash: E1018E71540B05AFE720AF65CC0A749BBE0AF00720F10C90FE49E562A1CBF8AA45EB12
              Function 00F74EDC Relevance: 9.0, APIs: 6, Instructions: 47COMMONLIBRARYCODE
              Download Yara Rule
              APIs
              • __getptd.LIBCMT ref: 00F74EE8
                • Part of subcall function 00F75886: __getptd_noexit.LIBCMT ref: 00F75889
                • Part of subcall function 00F75886: __amsg_exit.LIBCMT ref: 00F75896
              • __amsg_exit.LIBCMT ref: 00F74F08
              • __lock.LIBCMT ref: 00F74F18
              • InterlockedDecrement.KERNEL32(?), ref: 00F74F35
              • _free.LIBCMT ref: 00F74F48
              • InterlockedIncrement.KERNEL32(00EE1660), ref: 00F74F60
              Memory Dump Source
              • Source File: 00000001.00000002.2667641986.0000000000F71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F70000, based on PE: true
              • Associated: 00000001.00000002.2667620893.0000000000F70000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667665854.0000000000F7C000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667688376.0000000000F80000.00000004.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667707558.0000000000F84000.00000002.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_f70000_guifx.jbxd
              Similarity
              • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
              • String ID:
              • API String ID: 3470314060-0
              • Opcode ID: d34ef3a7268466d595fa323981d364a4b4d9aaed5030cfd8d105bf7ca202f047
              • Instruction ID: c5be493c92538ec0675873e0ab348ac03c1a660fae1e59c842de71d3127e7d63
              • Opcode Fuzzy Hash: d34ef3a7268466d595fa323981d364a4b4d9aaed5030cfd8d105bf7ca202f047
              • Instruction Fuzzy Hash: 6E018431D01625ABE751AB289D057ED73A1AF04730F548017E41CA7291CB78B981FFE7
              Function 00F71F10 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 72processCOMMON
              Download Yara Rule
              APIs
              • GetTempPathA.KERNEL32(00000100,?), ref: 00F71F31
              • _memset.LIBCMT ref: 00F71F43
              • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000000,00000000,00000000,00000044,?), ref: 00F71FAD
              • CloseHandle.KERNEL32(?,?,00000000,00000000,00000001,00000000,00000000,00000000,00000044,?), ref: 00F71FD7
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.2667641986.0000000000F71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F70000, based on PE: true
              • Associated: 00000001.00000002.2667620893.0000000000F70000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667665854.0000000000F7C000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667688376.0000000000F80000.00000004.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667707558.0000000000F84000.00000002.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_f70000_guifx.jbxd
              Similarity
              • API ID: CloseCreateHandlePathProcessTemp_memset
              • String ID: D
              • API String ID: 2237058899-2746444292
              • Opcode ID: 11b14525ffb8f7c680f190a65108b1329e553a473f018354a5dd1f260e3f1698
              • Instruction ID: 1eaf6227acf1b9f0891b9a1569bafd023a5ee08a6a03ec14e68531e140cc5923
              • Opcode Fuzzy Hash: 11b14525ffb8f7c680f190a65108b1329e553a473f018354a5dd1f260e3f1698
              • Instruction Fuzzy Hash: 9F216571E0021C9BD764DB64DC82BEAB7B4EB48700F1041AAE60DD6180DA755E849BD5
              Function 00F71720 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.2667641986.0000000000F71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F70000, based on PE: true
              • Associated: 00000001.00000002.2667620893.0000000000F70000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667665854.0000000000F7C000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667688376.0000000000F80000.00000004.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667707558.0000000000F84000.00000002.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_f70000_guifx.jbxd
              Similarity
              • API ID: Version$_memsetwsprintf
              • String ID: %d.%d
              • API String ID: 3402264179-3954714993
              • Opcode ID: 4f9c573f43b6cda254548f2c5a729c0dc3c8b0b55084c49ec8cf851dd500eebc
              • Instruction ID: 3ba530e689459c792660bc326423078880204f72483fc50e0ede74cdd3c85e55
              • Opcode Fuzzy Hash: 4f9c573f43b6cda254548f2c5a729c0dc3c8b0b55084c49ec8cf851dd500eebc
              • Instruction Fuzzy Hash: 03115E31E002189EDB24DB689C41FBEB778AF06310F4041DAE80D97242DA705E49AB93
              Function 00F7565D Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE
              Download Yara Rule
              APIs
              • __getptd.LIBCMT ref: 00F75669
                • Part of subcall function 00F75886: __getptd_noexit.LIBCMT ref: 00F75889
                • Part of subcall function 00F75886: __amsg_exit.LIBCMT ref: 00F75896
              • __getptd.LIBCMT ref: 00F75680
              • __amsg_exit.LIBCMT ref: 00F7568E
              • __lock.LIBCMT ref: 00F7569E
              • __updatetlocinfoEx_nolock.LIBCMT ref: 00F756B2
              Memory Dump Source
              • Source File: 00000001.00000002.2667641986.0000000000F71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F70000, based on PE: true
              • Associated: 00000001.00000002.2667620893.0000000000F70000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667665854.0000000000F7C000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667688376.0000000000F80000.00000004.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667707558.0000000000F84000.00000002.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_f70000_guifx.jbxd
              Similarity
              • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
              • String ID:
              • API String ID: 938513278-0
              • Opcode ID: db69a9f9af53c3fea394c8c307e73a223bd91d3b6ca6eac1caf2a9cd8a758af1
              • Instruction ID: 44d5d10db8fadb4eaa22764c03b1a6d8586df9a80b6aa3a99a829398acea5fe0
              • Opcode Fuzzy Hash: db69a9f9af53c3fea394c8c307e73a223bd91d3b6ca6eac1caf2a9cd8a758af1
              • Instruction Fuzzy Hash: B0F06D32D45B109BF624BB789D02B5D3290AF00F20FA1C10BE41C6B2D2DBAC6950BA5B
              Function 00F71899 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.2667641986.0000000000F71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F70000, based on PE: true
              • Associated: 00000001.00000002.2667620893.0000000000F70000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667665854.0000000000F7C000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667688376.0000000000F80000.00000004.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667707558.0000000000F84000.00000002.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_f70000_guifx.jbxd
              Similarity
              • API ID: _sprintf$_free
              • String ID: %2.2X
              • API String ID: 371584759-791839006
              • Opcode ID: 35954b77c69dab807bdaadf6fb6048475a49cc18a19101e652d1c9913de9b3c4
              • Instruction ID: 7c1c34fec967e78b67c2018a41c7fa54682437659c7a570430e44eb929062b7e
              • Opcode Fuzzy Hash: 35954b77c69dab807bdaadf6fb6048475a49cc18a19101e652d1c9913de9b3c4
              • Instruction Fuzzy Hash: 67212C31D002598BCB21CF68DC91BEAB3B5FF85344F04C5AAD9DD9B101D631AA4DDB82
              Function 00F7A3C9 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
              Download Yara Rule
              APIs
              • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00F7A3FD
              • __isleadbyte_l.LIBCMT ref: 00F7A430
              • MultiByteToWideChar.KERNEL32(0FF6850C,00000009,?,FFFFF890,00000000,00000000,?,?,?,00F71937,?,00000000), ref: 00F7A461
              • MultiByteToWideChar.KERNEL32(0FF6850C,00000009,?,00000001,00000000,00000000,?,?,?,00F71937,?,00000000), ref: 00F7A4CF
              Memory Dump Source
              • Source File: 00000001.00000002.2667641986.0000000000F71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F70000, based on PE: true
              • Associated: 00000001.00000002.2667620893.0000000000F70000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667665854.0000000000F7C000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667688376.0000000000F80000.00000004.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667707558.0000000000F84000.00000002.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_f70000_guifx.jbxd
              Similarity
              • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
              • String ID:
              • API String ID: 3058430110-0
              • Opcode ID: 32d6622d0ccfc5ff28e325d7a5797a17f2ce5798425c91a2edf59789103dcfe2
              • Instruction ID: 5bee4628b4495690284f1c78aa6bd09781f756a91b8fc9bcba2ae3afbce3b676
              • Opcode Fuzzy Hash: 32d6622d0ccfc5ff28e325d7a5797a17f2ce5798425c91a2edf59789103dcfe2
              • Instruction Fuzzy Hash: 3131C431910245EFDB21DF64D888A6E3BA5FF41321B16C56AF4688B1A1D372DD80EB53
              Function 00F73469 Relevance: 6.0, APIs: 4, Instructions: 41COMMON
              Download Yara Rule
              APIs
              • _malloc.LIBCMT ref: 00F73483
                • Part of subcall function 00F72E06: __FF_MSGBANNER.LIBCMT ref: 00F72E1F
                • Part of subcall function 00F72E06: __NMSG_WRITE.LIBCMT ref: 00F72E26
                • Part of subcall function 00F72E06: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,20141104,?,00F7182C,00000288), ref: 00F72E4B
              • std::exception::exception.LIBCMT ref: 00F734B8
              • std::exception::exception.LIBCMT ref: 00F734D2
              • __CxxThrowException@8.LIBCMT ref: 00F734E3
              Memory Dump Source
              • Source File: 00000001.00000002.2667641986.0000000000F71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F70000, based on PE: true
              • Associated: 00000001.00000002.2667620893.0000000000F70000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667665854.0000000000F7C000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667688376.0000000000F80000.00000004.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667707558.0000000000F84000.00000002.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_f70000_guifx.jbxd
              Similarity
              • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
              • String ID:
              • API String ID: 615853336-0
              • Opcode ID: 443c64d21f637dd2d5d92f5013b520702b766df0f54d4e5d5ac1e20399c56829
              • Instruction ID: 0d2af602b0efba8d6498189cff6d76299a625bfca6d99440efccab40aea248b5
              • Opcode Fuzzy Hash: 443c64d21f637dd2d5d92f5013b520702b766df0f54d4e5d5ac1e20399c56829
              • Instruction Fuzzy Hash: 18F08131A00209AACB65EF55DC02EEE36A8AB40314F50C05BF54CD6092DF749A05F7D3
              Function 00F72910 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50stringCOMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.2667641986.0000000000F71000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F70000, based on PE: true
              • Associated: 00000001.00000002.2667620893.0000000000F70000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667665854.0000000000F7C000.00000002.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667688376.0000000000F80000.00000004.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000001.00000002.2667707558.0000000000F84000.00000002.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_f70000_guifx.jbxd
              Similarity
              • API ID: lstrcpy
              • String ID: 165.194.123.67
              • API String ID: 3722407311-1981005002
              • Opcode ID: 8a5d1f822dc4111d96a583a66b6bbee7f7bea4ecf039554b08f086279a4ff30d
              • Instruction ID: 43991baebaf86433355b6da599f6975fc04b4f68a66ac615e31d8e7de508ab6a
              • Opcode Fuzzy Hash: 8a5d1f822dc4111d96a583a66b6bbee7f7bea4ecf039554b08f086279a4ff30d
              • Instruction Fuzzy Hash: 680149719041996BDB654B28CC90BB5B7B4EB09310F4CC067E28E8B202C231DC91B3D3