Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
R4WCgDAfHB.exe

Overview

General Information

Sample name:R4WCgDAfHB.exe
renamed because original name is a hash value
Original sample name:8595a9cecbac3bd363c30c7ab2bec849.exe
Analysis ID:1532151
MD5:8595a9cecbac3bd363c30c7ab2bec849
SHA1:5a154a7472cc4afa18f414a3edf8f3ff7a2a51e2
SHA256:df2b80bb68e829de13051a9781e096b095a90b676ab1f974284bad8609775040
Tags:exeuser-abuse_ch
Infos:

Detection

Xmrig
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Xmrig cryptocurrency miner
AI detected suspicious sample
Connects to many different private IPs (likely to spread or exploit)
Connects to many different private IPs via SMB (likely to spread or exploit)
Deletes itself after installation
Drops HTML or HTM files to system directories
Drops executables to the windows directory (C:\Windows) and starts them
Found strings related to Crypto-Mining
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies the windows firewall
Query firmware table information (likely to detect VMs)
Sample is not signed and drops a device driver
Sigma detected: Suspicious Epmap Connection
Uses dynamic DNS services
Uses netsh to modify the Windows network and firewall settings
Abnormal high CPU Usage
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapater information
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • R4WCgDAfHB.exe (PID: 7276 cmdline: "C:\Users\user\Desktop\R4WCgDAfHB.exe" MD5: 8595A9CECBAC3BD363C30C7AB2BEC849)
    • NvwmiShell.exe (PID: 7360 cmdline: "C:\Windows\SystemNvwmiShell\NvwmiShell.exe" MD5: FC4FBC1A020E2DC3D073C666684B5C6A)
  • NvwmiShell.exe (PID: 7380 cmdline: C:\Windows\SystemNvwmiShell\NvwmiShell.exe MD5: FC4FBC1A020E2DC3D073C666684B5C6A)
    • cmd.exe (PID: 8060 cmdline: "C:\Windows\System32\cmd.exe" /c netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=445 name="CloseSMB" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 8080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • netsh.exe (PID: 8124 cmdline: netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=445 name="CloseSMB" MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
    • HelpSystem.exe (PID: 4296 cmdline: "C:\Program Files (x86)\Microsoft Network\HelpSystem.exe" 1 MD5: 34B640C3E7AE045FE1F156B755BB0BE7)
      • conhost.exe (PID: 3844 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Network64.exe (PID: 2996 cmdline: "C:\Program Files (x86)\Microsoft Network\Network64.exe" Yde5fFJFjShqKS+u9okdyvP/pj9kg/bQNXV+USrRGaecQs8AdtikoR9wVLreBlqoPAFr/LRRDydtLzX5YzQgQ1GCivTcd3opL1Xfv4SzrZQOBZVgTwOiPgknymhzPAuX3kaHX0i00NQybzCyaJaj7nJOK0DHJVp09YDF1A== MD5: A09B6784FF89670772817524BFE41A76)
      • conhost.exe (PID: 180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
xmrigAccording to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling".In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000C.00000002.4141872839.00000000009EA000.00000002.00000001.01000000.00000009.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
    00000002.00000003.2738458849.000000000275E000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
      0000000C.00000001.2805127434.0000000000401000.00000020.00000001.01000000.00000009.sdmpLinux_Trojan_Pornoasset_927f314funknownunknown
      • 0x13ded8:$a: C3 D3 CB D3 C3 48 31 C3 48 0F AF F0 48 0F AF F0 48 0F AF F0 48
      0000000C.00000000.2804854911.00000000009EA000.00000002.00000001.01000000.00000009.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
        0000000C.00000002.4141120724.0000000000401000.00000020.00000001.01000000.00000009.sdmpLinux_Trojan_Pornoasset_927f314funknownunknown
        • 0x13ded8:$a: C3 D3 CB D3 C3 48 31 C3 48 0F AF F0 48 0F AF F0 48 0F AF F0 48
        Click to see the 4 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        10.2.HelpSystem.exe.400000.0.unpackAPT17_Sample_FXSST_DLLDetects Samples related to APT17 activity - file FXSST.DLLFlorian Roth
        • 0x51390:$x1: Microsoft? Windows? Operating System
        • 0x9938:$s1: GetLastActivePopup
        • 0x3c1b3:$s2: Sleep
        • 0x3c1e0:$s3: GetModuleFileName
        • 0x3c017:$s4: VirtualProtect
        • 0x5163c:$s4: VirtualProtect
        • 0x3c087:$s5: HeapAlloc
        • 0x3c06a:$s6: GetProcessHeap
        • 0x3c0c2:$s7: GetCommandLine
        2.3.NvwmiShell.exe.217731f.0.unpackJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
          2.3.NvwmiShell.exe.217731f.0.unpackMALWARE_Win_CoinMiner02Detects coinmining malwareditekSHen
          • 0x6408d9:$s1: %s/%s (Windows NT %lu.%lu
          • 0x645148:$s3: \\.\WinRing0_
          • 0x5edb1a:$s4: pool_wallet
          • 0x5ea5a0:$s5: cryptonight
          • 0x5ea5ae:$s5: cryptonight
          • 0x5ea5bd:$s5: cryptonight
          • 0x5ea5cb:$s5: cryptonight
          • 0x5ea5e0:$s5: cryptonight
          • 0x5ea5ef:$s5: cryptonight
          • 0x5ea5fd:$s5: cryptonight
          • 0x5ea612:$s5: cryptonight
          • 0x5ea621:$s5: cryptonight
          • 0x5ea632:$s5: cryptonight
          • 0x5ea649:$s5: cryptonight
          • 0x5ea657:$s5: cryptonight
          • 0x5ea665:$s5: cryptonight
          • 0x5ea675:$s5: cryptonight
          • 0x5ea687:$s5: cryptonight
          • 0x5ea698:$s5: cryptonight
          • 0x5ea6a8:$s5: cryptonight
          • 0x5ea6b8:$s5: cryptonight
          12.0.Network64.exe.400000.0.unpackJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
            12.0.Network64.exe.400000.0.unpackLinux_Trojan_Pornoasset_927f314funknownunknown
            • 0x13eed8:$a: C3 D3 CB D3 C3 48 31 C3 48 0F AF F0 48 0F AF F0 48 0F AF F0 48
            Click to see the 6 entries

            Sigma Signatures

            System Summary

            barindex
            Sigma detected: Suspicious Epmap Connection
            Source: Network ConnectionAuthor: frack113, Tim Shelton (fps): Data: DestinationIp: 192.168.2.1, DestinationIsIpv6: false, DestinationPort: 135, EventID: 3, Image: C:\Program Files (x86)\Microsoft Network\HelpSystem.exe, Initiated: true, ProcessId: 4296, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 50574

            Suricata Signatures

            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2024-10-12T16:39:54.910290+020028304831A Network Trojan was detected192.168.2.450024114.215.199.19280TCP

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Antivirus / Scanner detection for submitted sample
            Source: R4WCgDAfHB.exeAvira: detected
            Antivirus detection for dropped file
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeAvira: detection malicious, Label: TR/Agent.fvzxi
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeAvira: detection malicious, Label: TR/CoinMiner.ivyoo
            Multi AV Scanner detection for domain / URL
            Source: contr.netmows.comVirustotal: Detection: 5%Perma Link
            Source: http://appbols.vivoios.com:8587/smb.exeVirustotal: Detection: 8%Perma Link
            Multi AV Scanner detection for submitted file
            Source: R4WCgDAfHB.exeReversingLabs: Detection: 81%
            Source: R4WCgDAfHB.exeVirustotal: Detection: 79%Perma Link
            AI detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Machine Learning detection for dropped file
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeJoe Sandbox ML: detected
            Machine Learning detection for sample
            Source: R4WCgDAfHB.exeJoe Sandbox ML: detected

            Exploits

            barindex
            Connects to many different private IPs (likely to spread or exploit)
            Source: global trafficTCP traffic: 192.168.0.2:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.1:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.4:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.3:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.0:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.14:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.9:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.15:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.16:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.17:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.6:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.18:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.5:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.19:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.8:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.7:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.20:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.21:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.22:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.23:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.24:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.94:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.95:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.96:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.97:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.10:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.98:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.127:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.11:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.99:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.126:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.12:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.13:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.123:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.122:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.125:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.124:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.90:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.91:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.92:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.121:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.93:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.120:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.83:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.84:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.85:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.86:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.87:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.88:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.89:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.80:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.81:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.82:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.69:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.72:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.73:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.74:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.75:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.76:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.77:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.78:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.79:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.70:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.71:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.58:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.59:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.61:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.62:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.63:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.64:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.65:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.66:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.67:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.68:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.60:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.47:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.48:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.49:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.50:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.51:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.52:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.53:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.54:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.55:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.56:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.57:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.36:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.37:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.38:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.39:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.40:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.119:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.41:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.42:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.43:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.116:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.44:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.115:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.45:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.118:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.46:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.117:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.112:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.111:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.114:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.113:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.110:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.25:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.26:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.27:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.28:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.29:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.109:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.108:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.30:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.31:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.32:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.105:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.33:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.104:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.34:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.107:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.35:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.106:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.101:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.100:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.103:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.102:445Jump to behavior
            Connects to many different private IPs via SMB (likely to spread or exploit)
            Source: global trafficTCP traffic: 192.168.0.2:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.1:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.4:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.3:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.0:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.14:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.9:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.15:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.16:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.17:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.6:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.18:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.5:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.19:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.8:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.7:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.20:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.21:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.22:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.23:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.24:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.94:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.95:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.96:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.97:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.10:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.98:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.127:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.11:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.99:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.126:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.12:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.13:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.123:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.122:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.125:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.124:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.90:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.91:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.92:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.121:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.93:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.120:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.83:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.84:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.85:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.86:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.87:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.88:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.89:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.80:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.81:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.82:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.69:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.72:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.73:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.74:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.75:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.76:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.77:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.78:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.79:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.70:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.71:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.58:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.59:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.61:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.62:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.63:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.64:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.65:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.66:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.67:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.68:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.60:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.47:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.48:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.49:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.50:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.51:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.52:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.53:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.54:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.55:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.56:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.57:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.36:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.37:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.38:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.39:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.40:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.119:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.41:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.42:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.43:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.116:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.44:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.115:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.45:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.118:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.46:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.117:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.112:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.111:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.114:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.113:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.110:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.25:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.26:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.27:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.28:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.29:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.109:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.108:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.30:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.31:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.32:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.105:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.33:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.104:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.34:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.107:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.35:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.106:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.101:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.100:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.103:445Jump to behavior
            Source: global trafficTCP traffic: 192.168.0.102:445Jump to behavior

            Bitcoin Miner

            barindex
            Yara detected Xmrig cryptocurrency miner
            Source: Yara matchFile source: 2.3.NvwmiShell.exe.217731f.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 12.0.Network64.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 12.2.Network64.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000C.00000002.4141872839.00000000009EA000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.2738458849.000000000275E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000C.00000000.2804854911.00000000009EA000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: NvwmiShell.exe PID: 7380, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: Network64.exe PID: 2996, type: MEMORYSTR
            Found strings related to Crypto-Mining
            Source: NvwmiShell.exe, 00000002.00000003.2738458849.000000000275E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: stratum+ssl://
            Source: NvwmiShell.exe, 00000002.00000003.2738458849.000000000275E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: cryptonight/0
            Source: NvwmiShell.exe, 00000002.00000003.2738458849.000000000275E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: stratum+tcp://
            Source: R4WCgDAfHB.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: R4WCgDAfHB.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
            Source: Binary string: d:\hotproject\winring0\source\dll\sys\lib\amd64\WinRing0.pdb source: NvwmiShell.exe, 00000002.00000003.2738458849.000000000275E000.00000004.00000020.00020000.00000000.sdmp, WinRing0x64.sys.2.dr

            Networking

            barindex
            Suricata IDS alerts for network traffic
            Source: Network trafficSuricata IDS: 2830483 - Severity 1 - ETPRO MALWARE Observed Malicious User-Agent (WinInetGet/) : 192.168.2.4:50024 -> 114.215.199.192:80
            Uses dynamic DNS services
            Source: unknownDNS query: name: ddns.oray.com
            Source: global trafficTCP traffic: 192.168.2.4:49746 -> 45.137.222.18:8686
            Source: global trafficTCP traffic: 192.168.2.4:50036 -> 141.255.164.11:5582
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_3_10004960 select,__WSAFDIsSet,recv,1_3_10004960
            Source: global trafficHTTP traffic detected: GET /checkip HTTP/1.1User-Agent: WinInetGet/0.1Host: ddns.oray.comCache-Control: no-cache
            Source: global trafficDNS traffic detected: DNS query: contr.netmows.com
            Source: global trafficDNS traffic detected: DNS query: ddns.oray.com
            Source: global trafficDNS traffic detected: DNS query: pool.autocoreb.com
            Source: HelpSystem.exe, HelpSystem.exe, 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://appbols.vivoios.com:8587/smb.exe
            Source: HelpSystem.exe, 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://appbols.vivoios.com:8587/smb.exeX
            Source: R4WCgDAfHB.exe, NvwmiShell.exe.0.drString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingg2.crl0T
            Source: NvwmiShell.exe, 00000002.00000003.2781877794.0000000004970000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesi
            Source: NvwmiShell.exe, 00000002.00000003.2738458849.000000000275E000.00000004.00000020.00020000.00000000.sdmp, NvwmiShell.exe, 00000002.00000003.2781877794.0000000003F70000.00000004.00000020.00020000.00000000.sdmp, NvwmiShell.exe, 00000002.00000003.2781877794.0000000004970000.00000004.00000020.00020000.00000000.sdmp, NvwmiShell.exe, 00000002.00000003.2781877794.0000000005D70000.00000004.00000020.00020000.00000000.sdmp, NvwmiShell.exe, 00000002.00000003.2781877794.0000000005370000.00000004.00000020.00020000.00000000.sdmp, HelpSystem.exe.2.drString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
            Source: NvwmiShell.exe, 00000002.00000003.2738458849.000000000275E000.00000004.00000020.00020000.00000000.sdmp, WinRing0x64.sys.2.drString found in binary or memory: http://crl.globalsign.net/ObjectSign.crl0
            Source: NvwmiShell.exe, 00000002.00000003.2738458849.000000000275E000.00000004.00000020.00020000.00000000.sdmp, WinRing0x64.sys.2.drString found in binary or memory: http://crl.globalsign.net/Root.crl0
            Source: NvwmiShell.exe, 00000002.00000003.2738458849.000000000275E000.00000004.00000020.00020000.00000000.sdmp, WinRing0x64.sys.2.drString found in binary or memory: http://crl.globalsign.net/RootSignPartners.crl0
            Source: NvwmiShell.exe, 00000002.00000003.2738458849.000000000275E000.00000004.00000020.00020000.00000000.sdmp, WinRing0x64.sys.2.drString found in binary or memory: http://crl.globalsign.net/primobject.crl0
            Source: R4WCgDAfHB.exe, NvwmiShell.exe.0.drString found in binary or memory: http://crl.globalsign.net/root.crl0
            Source: HelpSystem.exe, 0000000A.00000002.4141453934.000000000069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ddns.oray.com/checkip
            Source: HelpSystem.exe, 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://ddns.oray.com/checkip(
            Source: HelpSystem.exe, 0000000A.00000002.4141453934.000000000069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ddns.oray.com/checkip7
            Source: HelpSystem.exe, 0000000A.00000002.4141453934.00000000006E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ddns.oray.com/checkipSystem32
            Source: HelpSystem.exe, 0000000A.00000002.4141453934.000000000069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ddns.oray.com/checkipl
            Source: NvwmiShell.exe, 00000002.00000003.2781877794.0000000003F70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.global
            Source: NvwmiShell.exe, 00000002.00000003.2738458849.000000000275E000.00000004.00000020.00020000.00000000.sdmp, NvwmiShell.exe, 00000002.00000003.2781877794.0000000003F70000.00000004.00000020.00020000.00000000.sdmp, NvwmiShell.exe, 00000002.00000003.2781877794.0000000004970000.00000004.00000020.00020000.00000000.sdmp, NvwmiShell.exe, 00000002.00000003.2781877794.0000000005D70000.00000004.00000020.00020000.00000000.sdmp, NvwmiShell.exe, 00000002.00000003.2781877794.0000000005370000.00000004.00000020.00020000.00000000.sdmp, HelpSystem.exe.2.drString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
            Source: R4WCgDAfHB.exe, NvwmiShell.exe.0.drString found in binary or memory: http://s.symcb.com/universal-root.crl0
            Source: R4WCgDAfHB.exe, NvwmiShell.exe.0.drString found in binary or memory: http://s.symcd.com06
            Source: R4WCgDAfHB.exe, NvwmiShell.exe.0.drString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
            Source: R4WCgDAfHB.exe, NvwmiShell.exe.0.drString found in binary or memory: http://s2.symcb.com0
            Source: NvwmiShell.exe, 00000002.00000003.2738458849.000000000275E000.00000004.00000020.00020000.00000000.sdmp, NvwmiShell.exe, 00000002.00000003.2781877794.0000000003F70000.00000004.00000020.00020000.00000000.sdmp, NvwmiShell.exe, 00000002.00000003.2781877794.0000000004970000.00000004.00000020.00020000.00000000.sdmp, NvwmiShell.exe, 00000002.00000003.2781877794.0000000005D70000.00000004.00000020.00020000.00000000.sdmp, NvwmiShell.exe, 00000002.00000003.2781877794.0000000005370000.00000004.00000020.00020000.00000000.sdmp, HelpSystem.exe.2.drString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
            Source: R4WCgDAfHB.exe, NvwmiShell.exe.0.drString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingg2.crt0
            Source: R4WCgDAfHB.exe, NvwmiShell.exe.0.drString found in binary or memory: http://sf.symcb.com/sf.crl0f
            Source: R4WCgDAfHB.exe, NvwmiShell.exe.0.drString found in binary or memory: http://sf.symcb.com/sf.crt0
            Source: R4WCgDAfHB.exe, NvwmiShell.exe.0.drString found in binary or memory: http://sf.symcd.com0&
            Source: R4WCgDAfHB.exe, NvwmiShell.exe.0.drString found in binary or memory: http://sv.symcb.com/sv.crl0f
            Source: R4WCgDAfHB.exe, NvwmiShell.exe.0.drString found in binary or memory: http://sv.symcb.com/sv.crt0
            Source: R4WCgDAfHB.exe, NvwmiShell.exe.0.drString found in binary or memory: http://sv.symcd.com0&
            Source: R4WCgDAfHB.exe, NvwmiShell.exe.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
            Source: R4WCgDAfHB.exe, NvwmiShell.exe.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
            Source: R4WCgDAfHB.exe, NvwmiShell.exe.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
            Source: R4WCgDAfHB.exe, NvwmiShell.exe.0.drString found in binary or memory: http://www.360.cn
            Source: R4WCgDAfHB.exe, NvwmiShell.exe.0.drString found in binary or memory: http://www.symauth.com/cps0(
            Source: R4WCgDAfHB.exe, NvwmiShell.exe.0.drString found in binary or memory: http://www.symauth.com/rpa00
            Source: R4WCgDAfHB.exe, NvwmiShell.exe.0.drString found in binary or memory: https://d.symcb.com/cps0%
            Source: NvwmiShell.exe.0.drString found in binary or memory: https://d.symcb.com/rpa0
            Source: R4WCgDAfHB.exe, NvwmiShell.exe.0.drString found in binary or memory: https://d.symcb.com/rpa0.
            Source: R4WCgDAfHB.exe, HelpSystem.exe.2.dr, NvwmiShell.exe.0.drString found in binary or memory: https://www.globalsign.com/repository/0
            Source: R4WCgDAfHB.exe, NvwmiShell.exe.0.drString found in binary or memory: https://www.globalsign.com/repository/03
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_2_008891F1 GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,1_2_008891F1

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: 10.2.HelpSystem.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Samples related to APT17 activity - file FXSST.DLL Author: Florian Roth
            Source: 2.3.NvwmiShell.exe.217731f.0.unpack, type: UNPACKEDPEMatched rule: Detects coinmining malware Author: ditekSHen
            Source: 12.0.Network64.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Linux_Trojan_Pornoasset_927f314f Author: unknown
            Source: 12.0.Network64.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects coinmining malware Author: ditekSHen
            Source: 12.2.Network64.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Linux_Trojan_Pornoasset_927f314f Author: unknown
            Source: 12.2.Network64.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects coinmining malware Author: ditekSHen
            Source: 2.3.NvwmiShell.exe.217731f.0.raw.unpack, type: UNPACKEDPEMatched rule: Linux_Trojan_Pornoasset_927f314f Author: unknown
            Source: 2.3.NvwmiShell.exe.21630df.3.raw.unpack, type: UNPACKEDPEMatched rule: Linux_Trojan_Pornoasset_927f314f Author: unknown
            Source: 0000000C.00000001.2805127434.0000000000401000.00000020.00000001.01000000.00000009.sdmp, type: MEMORYMatched rule: Linux_Trojan_Pornoasset_927f314f Author: unknown
            Source: 0000000C.00000002.4141120724.0000000000401000.00000020.00000001.01000000.00000009.sdmp, type: MEMORYMatched rule: Linux_Trojan_Pornoasset_927f314f Author: unknown
            Source: 0000000C.00000000.2804283551.0000000000401000.00000020.00000001.01000000.00000009.sdmp, type: MEMORYMatched rule: Linux_Trojan_Pornoasset_927f314f Author: unknown
            Source: 00000002.00000003.2738458849.0000000002163000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Linux_Trojan_Pornoasset_927f314f Author: unknown
            Source: C:\Program Files (x86)\Microsoft Network\Network64.exeProcess Stats: CPU usage > 49%
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeFile created: C:\Program Files (x86)\Microsoft Network\WinRing0x64.sysJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeFile created: C:\Windows\SystemNvwmiShellJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeFile created: C:\Windows\SystemNvwmiShell\NvwmiShell.exeJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeFile created: C:\Windows\SystemNvwmiShell\NvwmiShell.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\CachesJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\PeerDistRepubJump to behavior
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\checkip[1].htmJump to behavior
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeFile deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\checkip[1].htmJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_3_1000ED131_3_1000ED13
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_3_100072451_3_10007245
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_3_1000F2571_3_1000F257
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_3_1001065D1_3_1001065D
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_3_10002B001_3_10002B00
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_3_1000AF8B1_3_1000AF8B
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_3_1000F79B1_3_1000F79B
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_2_008908D81_2_008908D8
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_2_008900F81_2_008900F8
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_2_0089C2831_2_0089C283
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_2_0088AA491_2_0088AA49
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_2_0089E3F11_2_0089E3F1
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_2_008904CC1_2_008904CC
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_2_00890CF81_2_00890CF8
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_2_0089D4031_2_0089D403
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_2_0088FC231_2_0088FC23
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_2_0089CD0B1_2_0089CD0B
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_2_0089C7C71_2_0089C7C7
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_2_008927691_2_00892769
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeCode function: 10_2_00402D3A10_2_00402D3A
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeCode function: 10_2_10006BB910_2_10006BB9
            Source: Joe Sandbox ViewDropped File: C:\Program Files (x86)\Microsoft Network\WinRing0x64.sys 11BD2C9F9E2397C9A16E0990E4ED2CF0679498FE0FD418A3DFDAC60B5C160EE5
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: String function: 0088F10F appears 66 times
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: String function: 008912C0 appears 44 times
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeCode function: String function: 10007180 appears 31 times
            Source: R4WCgDAfHB.exeStatic PE information: invalid certificate
            Source: R4WCgDAfHB.exe, 00000000.00000000.1682546809.00000000003EC000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameNvwmi64.exeH vs R4WCgDAfHB.exe
            Source: R4WCgDAfHB.exe, 00000000.00000003.1691860964.00000000031FF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNvwmi64.exeH vs R4WCgDAfHB.exe
            Source: R4WCgDAfHB.exe, 00000000.00000003.1718951677.0000000007D76000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNvwmi64.exeH vs R4WCgDAfHB.exe
            Source: R4WCgDAfHB.exeBinary or memory string: OriginalFilenameNvwmi64.exeH vs R4WCgDAfHB.exe
            Source: R4WCgDAfHB.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 10.2.HelpSystem.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: APT17_Sample_FXSST_DLL date = 2015-05-14, author = Florian Roth, description = Detects Samples related to APT17 activity - file FXSST.DLL, reference = https://goo.gl/ZiJyQv, hash = 52f1add5ad28dc30f68afda5d41b354533d8bce3
            Source: 2.3.NvwmiShell.exe.217731f.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
            Source: 12.0.Network64.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Linux_Trojan_Pornoasset_927f314f reference_sample = d653598df857535c354ba21d96358d4767d6ada137ee32ce5eb4972363b35f93, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Pornoasset, fingerprint = 7214d3132fc606482e3f6236d291082a3abc0359c80255048045dba6e60ec7bf, id = 927f314f-2cbb-4f87-b75c-9aa5ef758599, last_modified = 2021-09-16
            Source: 12.0.Network64.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
            Source: 12.2.Network64.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Linux_Trojan_Pornoasset_927f314f reference_sample = d653598df857535c354ba21d96358d4767d6ada137ee32ce5eb4972363b35f93, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Pornoasset, fingerprint = 7214d3132fc606482e3f6236d291082a3abc0359c80255048045dba6e60ec7bf, id = 927f314f-2cbb-4f87-b75c-9aa5ef758599, last_modified = 2021-09-16
            Source: 12.2.Network64.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
            Source: 2.3.NvwmiShell.exe.217731f.0.raw.unpack, type: UNPACKEDPEMatched rule: Linux_Trojan_Pornoasset_927f314f reference_sample = d653598df857535c354ba21d96358d4767d6ada137ee32ce5eb4972363b35f93, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Pornoasset, fingerprint = 7214d3132fc606482e3f6236d291082a3abc0359c80255048045dba6e60ec7bf, id = 927f314f-2cbb-4f87-b75c-9aa5ef758599, last_modified = 2021-09-16
            Source: 2.3.NvwmiShell.exe.21630df.3.raw.unpack, type: UNPACKEDPEMatched rule: Linux_Trojan_Pornoasset_927f314f reference_sample = d653598df857535c354ba21d96358d4767d6ada137ee32ce5eb4972363b35f93, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Pornoasset, fingerprint = 7214d3132fc606482e3f6236d291082a3abc0359c80255048045dba6e60ec7bf, id = 927f314f-2cbb-4f87-b75c-9aa5ef758599, last_modified = 2021-09-16
            Source: 0000000C.00000001.2805127434.0000000000401000.00000020.00000001.01000000.00000009.sdmp, type: MEMORYMatched rule: Linux_Trojan_Pornoasset_927f314f reference_sample = d653598df857535c354ba21d96358d4767d6ada137ee32ce5eb4972363b35f93, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Pornoasset, fingerprint = 7214d3132fc606482e3f6236d291082a3abc0359c80255048045dba6e60ec7bf, id = 927f314f-2cbb-4f87-b75c-9aa5ef758599, last_modified = 2021-09-16
            Source: 0000000C.00000002.4141120724.0000000000401000.00000020.00000001.01000000.00000009.sdmp, type: MEMORYMatched rule: Linux_Trojan_Pornoasset_927f314f reference_sample = d653598df857535c354ba21d96358d4767d6ada137ee32ce5eb4972363b35f93, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Pornoasset, fingerprint = 7214d3132fc606482e3f6236d291082a3abc0359c80255048045dba6e60ec7bf, id = 927f314f-2cbb-4f87-b75c-9aa5ef758599, last_modified = 2021-09-16
            Source: 0000000C.00000000.2804283551.0000000000401000.00000020.00000001.01000000.00000009.sdmp, type: MEMORYMatched rule: Linux_Trojan_Pornoasset_927f314f reference_sample = d653598df857535c354ba21d96358d4767d6ada137ee32ce5eb4972363b35f93, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Pornoasset, fingerprint = 7214d3132fc606482e3f6236d291082a3abc0359c80255048045dba6e60ec7bf, id = 927f314f-2cbb-4f87-b75c-9aa5ef758599, last_modified = 2021-09-16
            Source: 00000002.00000003.2738458849.0000000002163000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Linux_Trojan_Pornoasset_927f314f reference_sample = d653598df857535c354ba21d96358d4767d6ada137ee32ce5eb4972363b35f93, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Pornoasset, fingerprint = 7214d3132fc606482e3f6236d291082a3abc0359c80255048045dba6e60ec7bf, id = 927f314f-2cbb-4f87-b75c-9aa5ef758599, last_modified = 2021-09-16
            Source: WinRing0x64.sys.2.drBinary string: \Device\WinRing0_1_2_0
            Source: classification engineClassification label: mal100.troj.expl.evad.mine.winEXE@15/8@6/100
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_3_100016E0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,1_3_100016E0
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeCode function: 10_2_10002800 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,10_2_10002800
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: _memset,OpenSCManagerA,CreateServiceA,LockServiceDatabase,ChangeServiceConfig2A,UnlockServiceDatabase,StartServiceA,GetLastError,OpenServiceA,StartServiceA,StartServiceA,RegOpenKeyA,lstrlen,RegSetValueExA,RegCloseKey,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,1_3_100019D0
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_2_00882035 FindResourceA,1_2_00882035
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_3_100019D0 _memset,OpenSCManagerA,CreateServiceA,LockServiceDatabase,ChangeServiceConfig2A,UnlockServiceDatabase,StartServiceA,GetLastError,OpenServiceA,StartServiceA,StartServiceA,RegOpenKeyA,lstrlen,RegSetValueExA,RegCloseKey,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,1_3_100019D0
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_3_10001D30 Sleep,StartServiceCtrlDispatcherA,1_3_10001D30
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeFile created: C:\Program Files (x86)\Microsoft NetworkJump to behavior
            Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:8080:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3844:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:180:120:WilError_03
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeCommand line argument: X@10_2_00405830
            Source: R4WCgDAfHB.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: R4WCgDAfHB.exeReversingLabs: Detection: 81%
            Source: R4WCgDAfHB.exeVirustotal: Detection: 79%
            Source: Network64.exeString found in binary or memory: --help
            Source: Network64.exeString found in binary or memory: --help
            Source: Network64.exeString found in binary or memory: rget,jit_inst,jit_prefetch_vgpr_index,jit_vmcnt,batch_size); if(p-start_p>size_limit) { *(p++)=S_SETPC_B64_S12_13; return p; } } while (!done); } *(p++)=S_SETPC_B64_S12_13; return p; } __attribute__((reqd_work_group_size(64,1,1))) __kernel void randomx_jit(_
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeFile read: C:\Users\user\Desktop\R4WCgDAfHB.exeJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\R4WCgDAfHB.exe "C:\Users\user\Desktop\R4WCgDAfHB.exe"
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeProcess created: C:\Windows\SystemNvwmiShell\NvwmiShell.exe "C:\Windows\SystemNvwmiShell\NvwmiShell.exe"
            Source: unknownProcess created: C:\Windows\SystemNvwmiShell\NvwmiShell.exe C:\Windows\SystemNvwmiShell\NvwmiShell.exe
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=445 name="CloseSMB"
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=445 name="CloseSMB"
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess created: C:\Program Files (x86)\Microsoft Network\HelpSystem.exe "C:\Program Files (x86)\Microsoft Network\HelpSystem.exe" 1
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess created: C:\Program Files (x86)\Microsoft Network\Network64.exe "C:\Program Files (x86)\Microsoft Network\Network64.exe" Yde5fFJFjShqKS+u9okdyvP/pj9kg/bQNXV+USrRGaecQs8AdtikoR9wVLreBlqoPAFr/LRRDydtLzX5YzQgQ1GCivTcd3opL1Xfv4SzrZQOBZVgTwOiPgknymhzPAuX3kaHX0i00NQybzCyaJaj7nJOK0DHJVp09YDF1A==
            Source: C:\Program Files (x86)\Microsoft Network\Network64.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeProcess created: C:\Windows\SystemNvwmiShell\NvwmiShell.exe "C:\Windows\SystemNvwmiShell\NvwmiShell.exe" Jump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=445 name="CloseSMB"Jump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess created: C:\Program Files (x86)\Microsoft Network\HelpSystem.exe "C:\Program Files (x86)\Microsoft Network\HelpSystem.exe" 1Jump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess created: C:\Program Files (x86)\Microsoft Network\Network64.exe "C:\Program Files (x86)\Microsoft Network\Network64.exe" Yde5fFJFjShqKS+u9okdyvP/pj9kg/bQNXV+USrRGaecQs8AdtikoR9wVLreBlqoPAFr/LRRDydtLzX5YzQgQ1GCivTcd3opL1Xfv4SzrZQOBZVgTwOiPgknymhzPAuX3kaHX0i00NQybzCyaJaj7nJOK0DHJVp09YDF1A==Jump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=445 name="CloseSMB"Jump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeSection loaded: dbghelp.dllJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeSection loaded: slc.dllJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: dbghelp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: dbghelp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: slc.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: winrnr.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: napinsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: pnrpnsp.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: wshbth.dllJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
            Source: R4WCgDAfHB.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
            Source: Binary string: d:\hotproject\winring0\source\dll\sys\lib\amd64\WinRing0.pdb source: NvwmiShell.exe, 00000002.00000003.2738458849.000000000275E000.00000004.00000020.00020000.00000000.sdmp, WinRing0x64.sys.2.dr
            Source: R4WCgDAfHB.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: R4WCgDAfHB.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: R4WCgDAfHB.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: R4WCgDAfHB.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: R4WCgDAfHB.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_3_10001C50 LoadLibraryW,GetProcAddress,FreeLibrary,1_3_10001C50
            Source: R4WCgDAfHB.exeStatic PE information: real checksum: 0x65ed9 should be: 0x67b71
            Source: Network64.exe.2.drStatic PE information: section name: .xdata
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_3_10007851 push ecx; ret 1_3_10007864
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_3_10017D60 push ebx; retf 1_3_10017D69
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_3_100171E8 push eax; iretd 1_3_100171E9
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_3_10021F82 push 86867811h; iretd 1_3_10021F87
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_2_0088F1E7 push ecx; ret 1_2_0088F1FA
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_2_00891305 push ecx; ret 1_2_00891318
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeCode function: 10_2_00403461 push ecx; ret 10_2_00403474
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeCode function: 10_2_0043C7FE push eax; iretd 10_2_0043C800
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeCode function: 10_2_1000C574 push ecx; ret 10_2_1000C587
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeCode function: 10_2_100071C5 push ecx; ret 10_2_100071D8
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1

            Persistence and Installation Behavior

            barindex
            Drops HTML or HTM files to system directories
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\checkip[1].htmJump to behavior
            Drops executables to the windows directory (C:\Windows) and starts them
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeExecutable created and started: C:\Windows\SystemNvwmiShell\NvwmiShell.exeJump to behavior
            Sample is not signed and drops a device driver
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeFile created: C:\Program Files (x86)\Microsoft Network\WinRing0x64.sysJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeFile created: C:\Windows\SystemNvwmiShell\NvwmiShell.exeJump to dropped file
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeFile created: C:\Program Files (x86)\Microsoft Network\WinRing0x64.sysJump to dropped file
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeFile created: C:\Program Files (x86)\Microsoft Network\Network64.exeJump to dropped file
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeFile created: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeJump to dropped file
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeFile created: C:\Windows\SystemNvwmiShell\NvwmiShell.exeJump to dropped file
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetCellcore NvwmiShellsJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeRegistry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetCellcore NvwmiShellsJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_3_100019D0 _memset,OpenSCManagerA,CreateServiceA,LockServiceDatabase,ChangeServiceConfig2A,UnlockServiceDatabase,StartServiceA,GetLastError,OpenServiceA,StartServiceA,StartServiceA,RegOpenKeyA,lstrlen,RegSetValueExA,RegCloseKey,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,1_3_100019D0

            Hooking and other Techniques for Hiding and Protection

            barindex
            Deletes itself after installation
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeFile deleted: c:\users\user\desktop\r4wcgdafhb.exeJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_2_00886B5A IsIconic,GetWindowPlacement,GetWindowRect,1_2_00886B5A
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\Microsoft Network\Network64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Query firmware table information (likely to detect VMs)
            Source: C:\Program Files (x86)\Microsoft Network\Network64.exeSystem information queried: FirmwareTableInformationJump to behavior
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeCode function: _malloc,GetAdaptersInfo,_malloc,lstrlen,GetAdaptersInfo,10_2_10003100
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeThread delayed: delay time: 3600000Jump to behavior
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeWindow / User API: threadDelayed 641Jump to behavior
            Source: C:\Windows\System32\conhost.exeWindow / User API: threadDelayed 4817Jump to behavior
            Source: C:\Program Files (x86)\Microsoft Network\Network64.exeWindow / User API: threadDelayed 9098Jump to behavior
            Source: C:\Program Files (x86)\Microsoft Network\Network64.exeWindow / User API: threadDelayed 892Jump to behavior
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_10-10890
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeDropped PE file which has not been started: C:\Windows\SystemNvwmiShell\NvwmiShell.exeJump to dropped file
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Network\WinRing0x64.sysJump to dropped file
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_10-11211
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_1-14838
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_1-14936
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_10-9984
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exe TID: 7416Thread sleep count: 143 > 30Jump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exe TID: 7412Thread sleep count: 117 > 30Jump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exe TID: 7412Thread sleep time: -421200000s >= -30000sJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exe TID: 8072Thread sleep count: 36 > 30Jump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exe TID: 8072Thread sleep time: -36000s >= -30000sJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exe TID: 6752Thread sleep count: 53 > 30Jump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exe TID: 6752Thread sleep time: -53000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exe TID: 5592Thread sleep count: 641 > 30Jump to behavior
            Source: C:\Program Files (x86)\Microsoft Network\Network64.exe TID: 5940Thread sleep count: 9098 > 30Jump to behavior
            Source: C:\Program Files (x86)\Microsoft Network\Network64.exe TID: 3300Thread sleep count: 892 > 30Jump to behavior
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Program Files (x86)\Microsoft Network\Network64.exeLast function: Thread delayed
            Source: C:\Program Files (x86)\Microsoft Network\Network64.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeThread delayed: delay time: 3600000Jump to behavior
            Source: Network64.exe, 0000000C.00000002.4142356939.0000000000F68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWo
            Source: HelpSystem.exe, 0000000A.00000002.4141453934.00000000006E2000.00000004.00000020.00020000.00000000.sdmp, HelpSystem.exe, 0000000A.00000002.4141453934.000000000069A000.00000004.00000020.00020000.00000000.sdmp, Network64.exe, 0000000C.00000002.4142356939.0000000000F68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: Network64.exe, 0000000C.00000002.4142356939.0000000000F68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: HelpSystem.exe, 0000000A.00000002.4141453934.00000000006E2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWx<
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeAPI call chain: ExitProcess graph end nodegraph_1-14937
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeAPI call chain: ExitProcess graph end nodegraph_10-9986
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_3_10006718 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_3_10006718
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_3_10001C50 LoadLibraryW,GetProcAddress,FreeLibrary,1_3_10001C50
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_3_10002840 FreeLibrary,FreeLibrary,VirtualFree,GetProcessHeap,HeapFree,1_3_10002840
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_3_10006718 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_3_10006718
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_3_1000FF2F _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_3_1000FF2F
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_3_100053BA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_3_100053BA
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_2_00893AAA SetUnhandledExceptionFilter,1_2_00893AAA
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_2_00897AEE __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00897AEE
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_2_008953AB _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_008953AB
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_2_0088E5F7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_0088E5F7
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeCode function: 10_2_00402033 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_00402033
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeCode function: 10_2_004078F8 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,__amsg_exit,10_2_004078F8
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeCode function: 10_2_00405085 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_00405085
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeCode function: 10_2_00403CAE SetUnhandledExceptionFilter,10_2_00403CAE
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeCode function: 10_2_1000628F _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_1000628F
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeCode function: 10_2_10003C98 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_10003C98
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeCode function: 10_2_1000C59A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_1000C59A
            Source: C:\Users\user\Desktop\R4WCgDAfHB.exeProcess created: C:\Windows\SystemNvwmiShell\NvwmiShell.exe "C:\Windows\SystemNvwmiShell\NvwmiShell.exe" Jump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=445 name="CloseSMB"Jump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=445 name="CloseSMB"Jump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: _strcpy_s,GetLocaleInfoA,__snwprintf_s,LoadLibraryA,1_2_00882175
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: GetLocaleInfoA,1_2_0089BF26
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeCode function: GetLocaleInfoA,10_2_00407A18
            Source: C:\Program Files (x86)\Microsoft Network\HelpSystem.exeCode function: GetLocaleInfoA,10_2_1000D85B
            Source: C:\Windows\SysWOW64\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_3_1000516E GetSystemTimeAsFileTime,__aulldiv,1_3_1000516E
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeCode function: 1_3_10001CA0 _memset,GetVersionExA,1_3_10001CA0
            Source: C:\Program Files (x86)\Microsoft Network\Network64.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Lowering of HIPS / PFW / Operating System Security Settings

            barindex
            Modifies the windows firewall
            Source: C:\Windows\SystemNvwmiShell\NvwmiShell.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=445 name="CloseSMB"
            Uses netsh to modify the Windows network and firewall settings
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=445 name="CloseSMB"

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
            Native API            		1
            DLL Side-Loading            		1
            DLL Side-Loading            		2
            Disable or Modify Tools            		1
            Input Capture            		1
            System Time Discovery            		Remote Services1
            Archive Collected Data            		2
            Ingress Tool Transfer            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault Accounts3
            Command and Scripting Interpreter            		33
            Windows Service            		1
            Access Token Manipulation            		1
            Deobfuscate/Decode Files or Information            		LSASS Memory1
            File and Directory Discovery            		Remote Desktop Protocol1
            Input Capture            		1
            Encrypted Channel            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain Accounts2
            Service Execution            		Logon Script (Windows)33
            Windows Service            		21
            Obfuscated Files or Information            		Security Account Manager24
            System Information Discovery            		SMB/Windows Admin SharesData from Network Shared Drive1
            Non-Standard Port            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook11
            Process Injection            		1
            Software Packing            		NTDS1
            Network Share Discovery            		Distributed Component Object ModelInput Capture2
            Non-Application Layer Protocol            		Traffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            DLL Side-Loading            		LSA Secrets121
            Security Software Discovery            		SSHKeylogging12
            Application Layer Protocol            		Scheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts11
            File Deletion            		Cached Domain Credentials1
            Process Discovery            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items121
            Masquerading            		DCSync121
            Virtualization/Sandbox Evasion            		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job121
            Virtualization/Sandbox Evasion            		Proc Filesystem11
            Application Window Discovery            		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
            Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
            Access Token Manipulation            		/etc/passwd and /etc/shadow1
            System Network Configuration Discovery            		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
            IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron11
            Process Injection            		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1532151 Sample: R4WCgDAfHB.exe Startdate: 12/10/2024 Architecture: WINDOWS Score: 100 43 ddns.oray.com 2->43 45 pool.autocoreb.com 2->45 47 contr.netmows.com 2->47 69 Multi AV Scanner detection for domain / URL 2->69 71 Suricata IDS alerts for network traffic 2->71 73 Malicious sample detected (through community Yara rule) 2->73 77 8 other signatures 2->77 8 NvwmiShell.exe 11 2->8         started        12 R4WCgDAfHB.exe 1 3 2->12         started        signatures3 75 Uses dynamic DNS services 43->75 process4 file5 33 C:\Program Files (x86)\...\WinRing0x64.sys, PE32+ 8->33 dropped 35 C:\Program Files (x86)\...35etwork64.exe, PE32+ 8->35 dropped 37 C:\Program Files (x86)\...\HelpSystem.exe, PE32 8->37 dropped 79 Found strings related to Crypto-Mining 8->79 81 Deletes itself after installation 8->81 83 Sample is not signed and drops a device driver 8->83 14 HelpSystem.exe 14 8->14         started        19 cmd.exe 1 8->19         started        21 Network64.exe 1 8->21         started        39 C:\Windows\SystemNvwmiShell39vwmiShell.exe, PE32 12->39 dropped 85 Drops executables to the windows directory (C:\Windows) and starts them 12->85 23 NvwmiShell.exe 1 12->23         started        signatures6 process7 dnsIp8 49 192.168.12.100 unknown unknown 14->49 51 192.168.12.101 unknown unknown 14->51 53 98 other IPs or domains 14->53 41 C:\Windows\SysWOW64\config\...\checkip[1].htm, ASCII 14->41 dropped 55 Connects to many different private IPs via SMB (likely to spread or exploit) 14->55 57 Connects to many different private IPs (likely to spread or exploit) 14->57 59 Drops HTML or HTM files to system directories 14->59 25 conhost.exe 14->25         started        61 Uses netsh to modify the Windows network and firewall settings 19->61 27 netsh.exe 2 19->27         started        29 conhost.exe 19->29         started        63 Query firmware table information (likely to detect VMs) 21->63 31 conhost.exe 21->31         started        65 Antivirus detection for dropped file 23->65 67 Modifies the windows firewall 23->67 file9 signatures10 process11

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            R4WCgDAfHB.exe82%ReversingLabsWin32.Downloader.Farfli
            R4WCgDAfHB.exe79%VirustotalBrowse
            R4WCgDAfHB.exe100%AviraTR/CoinMiner.acjmz
            R4WCgDAfHB.exe100%Joe Sandbox ML

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Program Files (x86)\Microsoft Network\HelpSystem.exe100%AviraTR/Agent.fvzxi
            C:\Windows\SystemNvwmiShell\NvwmiShell.exe100%AviraTR/CoinMiner.ivyoo
            C:\Program Files (x86)\Microsoft Network\HelpSystem.exe100%Joe Sandbox ML
            C:\Program Files (x86)\Microsoft Network\WinRing0x64.sys5%ReversingLabs
            C:\Program Files (x86)\Microsoft Network\WinRing0x64.sys4%VirustotalBrowse

            Unpacked PE Files

            No Antivirus matches

            Domains

            SourceDetectionScannerLabelLink
            ddns.oray.com0%VirustotalBrowse
            contr.netmows.com5%VirustotalBrowse
            pool.autocoreb.com0%VirustotalBrowse

            URLs

            SourceDetectionScannerLabelLink
            http://www.symauth.com/cps0(0%URL Reputationsafe
            http://www.symauth.com/rpa000%URL Reputationsafe
            http://ddns.oray.com/checkipl0%VirustotalBrowse
            http://ocsp.global0%VirustotalBrowse
            http://appbols.vivoios.com:8587/smb.exeX3%VirustotalBrowse
            http://ddns.oray.com/checkip(0%VirustotalBrowse
            http://www.360.cn0%VirustotalBrowse
            http://appbols.vivoios.com:8587/smb.exe9%VirustotalBrowse
            http://ddns.oray.com/checkip0%VirustotalBrowse

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            ddns.oray.com
            		114.215.199.192
            		truetrueunknown
            contr.netmows.com
            		45.137.222.18
            		truefalseunknown
            pool.autocoreb.com
            		116.202.251.6
            		truefalseunknown

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            http://ddns.oray.com/checkiptrueunknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://ddns.oray.com/checkiplHelpSystem.exe, 0000000A.00000002.4141453934.000000000069A000.00000004.00000020.00020000.00000000.sdmpfalseunknown
            http://ddns.oray.com/checkip(HelpSystem.exe, 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmpfalseunknown
            http://ocsp.globalNvwmiShell.exe, 00000002.00000003.2781877794.0000000003F70000.00000004.00000020.00020000.00000000.sdmpfalseunknown
            http://ddns.oray.com/checkip7HelpSystem.exe, 0000000A.00000002.4141453934.000000000069A000.00000004.00000020.00020000.00000000.sdmpfalse
              		unknown
              http://www.360.cnR4WCgDAfHB.exe, NvwmiShell.exe.0.drfalseunknown
              http://www.symauth.com/cps0(R4WCgDAfHB.exe, NvwmiShell.exe.0.drfalse
              • URL Reputation: safe
              		unknown
              http://www.symauth.com/rpa00R4WCgDAfHB.exe, NvwmiShell.exe.0.drfalse
              • URL Reputation: safe
              		unknown
              http://appbols.vivoios.com:8587/smb.exeXHelpSystem.exe, 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpfalseunknown
              http://appbols.vivoios.com:8587/smb.exeHelpSystem.exe, HelpSystem.exe, 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpfalseunknown
              http://ddns.oray.com/checkipSystem32HelpSystem.exe, 0000000A.00000002.4141453934.00000000006E2000.00000004.00000020.00020000.00000000.sdmpfalse
                		unknown

                World Map of Contacted IPs

                • No. of IPs < 25%
                • 25% < No. of IPs < 50%
                • 50% < No. of IPs < 75%
                • 75% < No. of IPs

                Public IPs

                IPDomainCountryFlagASNASN NameMalicious

                Private

                IP
                192.168.2.148
                192.168.4.67
                192.168.2.149
                192.168.4.68
                192.168.2.146
                192.168.4.65
                192.168.2.147
                192.168.4.66
                192.168.12.127
                192.168.12.128
                192.168.4.69
                192.168.12.129
                192.168.2.140
                192.168.12.123
                192.168.2.141
                192.168.4.60
                192.168.12.124
                192.168.12.125
                192.168.12.126
                192.168.2.144
                192.168.4.63
                192.168.2.145
                192.168.4.64
                192.168.12.120
                192.168.2.142
                192.168.4.61
                192.168.12.121
                192.168.2.143
                192.168.4.62
                192.168.12.122
                192.168.2.159
                192.168.4.56
                192.168.4.57
                192.168.2.157
                192.168.4.54
                192.168.2.158
                192.168.4.55
                192.168.12.116
                192.168.12.117
                192.168.4.58
                192.168.12.118
                192.168.4.59
                192.168.12.119
                192.168.2.151
                192.168.12.112
                192.168.2.152
                192.168.12.113
                192.168.12.114
                192.168.2.150
                192.168.12.115
                192.168.2.155
                192.168.4.52
                192.168.2.156
                192.168.4.53
                192.168.2.153
                192.168.4.50
                192.168.12.110
                192.168.2.154
                192.168.4.51
                192.168.12.111
                192.168.2.126
                192.168.4.45
                192.168.12.109
                192.168.2.127
                192.168.4.46
                192.168.2.124
                192.168.4.43
                192.168.2.125
                192.168.4.44
                192.168.4.49
                192.168.12.105
                192.168.12.106
                192.168.2.128
                192.168.4.47
                192.168.12.107
                192.168.2.129
                192.168.4.48
                192.168.12.108
                192.168.12.101
                192.168.12.102
                192.168.12.103
                192.168.12.104
                192.168.2.122
                192.168.4.41
                192.168.2.123
                192.168.4.42
                192.168.2.120
                192.168.2.121
                192.168.4.40
                192.168.12.100
                192.168.4.29
                192.168.2.137
                192.168.4.34
                192.168.2.138
                192.168.4.35
                192.168.2.135
                192.168.4.32
                192.168.2.136
                192.168.4.33
                192.168.4.38

                General Information

                Joe Sandbox version:41.0.0 Charoite
                Analysis ID:1532151
                Start date and time:2024-10-12 16:37:08 +02:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:0h 9m 39s
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:14
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Sample name:R4WCgDAfHB.exe
                renamed because original name is a hash value
                Original Sample Name:8595a9cecbac3bd363c30c7ab2bec849.exe
                Detection:MAL
                Classification:mal100.troj.expl.evad.mine.winEXE@15/8@6/100
                EGA Information:
                • Successful, ratio: 100%
                HCA Information:Failed
                Cookbook Comments:
                • Found application associated with file extension: .exe
                • Override analysis time to 240000 for current running targets taking high CPU consumption

                Warnings

                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, fe3cr.delivery.mp.microsoft.com
                • Not all processes where analyzed, report is missing behavior information
                • Report size exceeded maximum capacity and may have missing behavior information.
                • Report size exceeded maximum capacity and may have missing network information.
                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • Report size getting too big, too many NtReadVirtualMemory calls found.

                Simulations

                Behavior and APIs

                TimeTypeDescription
                10:39:47API Interceptor243x Sleep call for process: NvwmiShell.exe modified
                10:41:38API Interceptor1067x Sleep call for process: conhost.exe modified

                Joe Sandbox View / Context

                IPs

                No context

                Domains

                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                ddns.oray.comSecuriteInfo.com.Trojan.Siggen21.26224.12889.14076.exeGet hashmaliciousUnknownBrowse
                • 114.215.199.192
                SecuriteInfo.com.Trojan.Siggen21.26224.12889.14076.exeGet hashmaliciousUnknownBrowse
                • 114.215.199.192
                SecuriteInfo.com.Trojan.Siggen19.8867.11258.22969.exeGet hashmaliciousUnknownBrowse
                • 114.215.189.130
                SecuriteInfo.com.Trojan.Siggen19.8867.11258.22969.exeGet hashmaliciousUnknownBrowse
                • 114.215.189.130
                W0ICYWz3Jx.exeGet hashmaliciousUnknownBrowse
                • 114.215.189.130

                ASNs

                No context

                JA3 Fingerprints

                No context

                Dropped Files

                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                C:\Program Files (x86)\Microsoft Network\WinRing0x64.sysGGXhCiYFBw.exeGet hashmaliciousPhorpiex, XmrigBrowse
                  7K5DrSyL8Y.exeGet hashmaliciousXmrigBrowse
                    egFMhHSlmf.exeGet hashmaliciousXmrigBrowse
                      OTm8DpW32j.exeGet hashmaliciousXmrigBrowse
                        zufmUwylvo.exeGet hashmaliciousFlesh Stealer, XmrigBrowse
                          zufmUwylvo.exeGet hashmaliciousXmrigBrowse
                            0NSjUT34gS.exeGet hashmaliciousPhorpiex, XmrigBrowse
                              eshkere.batGet hashmaliciousXmrigBrowse
                                frik.exeGet hashmaliciousXmrigBrowse
                                  Google Chrome.exeGet hashmaliciousXmrigBrowse

                                    Created / dropped Files

                                    C:\Program Files (x86)\Microsoft Network\HelpSystem.exe

                                    Download File
                                    Process:C:\Windows\SystemNvwmiShell\NvwmiShell.exe
                                    File Type:PE32 executable (console) Intel 80386, for MS Windows, UPX compressed
                                    Category:dropped
                                    Size (bytes):89349120
                                    Entropy (8bit):5.314244260726842
                                    Encrypted:false
                                    SSDEEP:6144:E7Ii4Pqe6UxYX914eN4Us7P3BOcbpUt7V7V0s:lJ6sYkeNE7P3E+C7V7V0
                                    MD5:34B640C3E7AE045FE1F156B755BB0BE7
                                    SHA1:AE82A73F4D850D46130CC684B276165EC7EB88EB
                                    SHA-256:479A6E3AC1006682981031EED2FE87281277A22DCFAA7925A2A18E16333595C0
                                    SHA-512:B27D08781FF2C00510EF2371B1AD9F988C568DC7764AD6D754BD9F114CFD8A47EBEFFE28B1416BADA35D86C56D237230B58BD71B46D490BA580A2AF7C907CD10
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    Reputation:low
                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........#...p...p...p|.:p...p..9p..p../p...p.m.p..p...p...p..(p.p..8p...p..=p...pRich...p................PE..L....9Ic................. ...@....................@.......................... ...........................................................9..............................................................H...........................................UPX0....................................UPX1..... ..........................@....rsrc....@.......<... ..............@......................................................................................................................................................................................................................................................................................................................................................................................................3.94.UPX!....

                                    C:\Program Files (x86)\Microsoft Network\Network64.exe

                                    Download File
                                    Process:C:\Windows\SystemNvwmiShell\NvwmiShell.exe
                                    File Type:PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
                                    Category:dropped
                                    Size (bytes):97341952
                                    Entropy (8bit):5.69859973949719
                                    Encrypted:false
                                    SSDEEP:98304:UNVKOOGzixfBKmLyntNUNUUkGxdQQj4FTSVhDALt/W73/ev/ev/egixgixmgRZQR:UPKOOG3duITaFBkkB7Egsp16ziwy0
                                    MD5:A09B6784FF89670772817524BFE41A76
                                    SHA1:602A4AAE75FC66A20E40D7EF91B8BA11C22FE6D3
                                    SHA-256:051D93AE358939785F448AB6BA1E27AC7CAB18B577F5FB03ACF6635C92491E4B
                                    SHA-512:0551B781CEFD49710D953D64EA6F32480F6745AFA9851BAEE8291A9426BF185785BAF12AD3DBDA2E511D663AA6D9654EC4BE61D25C16D448EEA89A98EC73C7E1
                                    Malicious:true
                                    Reputation:low
                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...I..d........../.......]..B}...............@.............................. ......8.}....... ..............................................`..x@.....@M...@t.x.............................................r.(....................o...............................text.....].......].................`..`.data.........].......].............@.`..rdata..0.....^.......^.............@.p@.pdata..x....@t......<t.............@.0@.xdata.......0w......"w.............@.@@.bss..........z.......................p..idata..x@...`...B....z.............@.0..CRT....p.............{.............@.@..tls..................{.............@.@..rsrc...@M.....@M....{.............@.0.................................................................................................................................................................................................................

                                    C:\Program Files (x86)\Microsoft Network\WinRing0x64.sys

                                    Download File
                                    Process:C:\Windows\SystemNvwmiShell\NvwmiShell.exe
                                    File Type:PE32+ executable (native) x86-64, for MS Windows
                                    Category:dropped
                                    Size (bytes):14544
                                    Entropy (8bit):6.2660301556221185
                                    Encrypted:false
                                    SSDEEP:192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ
                                    MD5:0C0195C48B6B8582FA6F6373032118DA
                                    SHA1:D25340AE8E92A6D29F599FEF426A2BC1B5217299
                                    SHA-256:11BD2C9F9E2397C9A16E0990E4ED2CF0679498FE0FD418A3DFDAC60B5C160EE5
                                    SHA-512:AB28E99659F219FEC553155A0810DE90F0C5B07DC9B66BDA86D7686499FB0EC5FDDEB7CD7A3C5B77DCCB5E865F2715C2D81F4D40DF4431C92AC7860C7E01720D
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 5%
                                    • Antivirus: Virustotal, Detection: 4%, Browse
                                    Joe Sandbox View:
                                    • Filename: GGXhCiYFBw.exe, Detection: malicious, Browse
                                    • Filename: 7K5DrSyL8Y.exe, Detection: malicious, Browse
                                    • Filename: egFMhHSlmf.exe, Detection: malicious, Browse
                                    • Filename: OTm8DpW32j.exe, Detection: malicious, Browse
                                    • Filename: zufmUwylvo.exe, Detection: malicious, Browse
                                    • Filename: zufmUwylvo.exe, Detection: malicious, Browse
                                    • Filename: 0NSjUT34gS.exe, Detection: malicious, Browse
                                    • Filename: eshkere.bat, Detection: malicious, Browse
                                    • Filename: frik.exe, Detection: malicious, Browse
                                    • Filename: Google Chrome.exe, Detection: malicious, Browse
                                    Reputation:high, very likely benign file
                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5:n.q[..q[..q[..q[..}[..V.{.t[..V.}.p[..V.m.r[..V.q.p[..V.|.p[..V.x.p[..Richq[..................PE..d....&.H.........."..................P.......................................p..............................................................dP..<....`.......@..`...................p ............................................... ..p............................text............................... ..h.rdata..|.... ......................@..H.data........0......................@....pdata..`....@......................@..HINIT...."....P...................... ....rsrc........`......................@..B................................................................................................................................................................................................................................................................................

                                    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\checkip[1].htm

                                    Download File
                                    Process:C:\Program Files (x86)\Microsoft Network\HelpSystem.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):31
                                    Entropy (8bit):4.147114052043201
                                    Encrypted:false
                                    SSDEEP:3:ORy0WtJBUXMRn:+PoJiXG
                                    MD5:41F4D2DFE0923257C7A383D0C6204E53
                                    SHA1:9D5BD434E4E50BEF880C9D6BCD6C2F3B76FE72F1
                                    SHA-256:6681FAC5BD32E8F0378F0AB3C6B969AC38E91551719DE51553BB7AF089418AA0
                                    SHA-512:BFF78E6E4F240591F041C57979D8BE00485EFE1FB4B0F22546575E218BBF27B18C36C1605B4D1FC9C351287CBDC8790F378FD2D7D2CCB81AEB1B9B2CD06F2D5E
                                    Malicious:true
                                    Reputation:low
                                    Preview:Current IP Address: 8.46.123.33

                                    C:\Windows\SystemNvwmiShell\NvwmiShell.dll

                                    Download File
                                    Process:C:\Windows\SystemNvwmiShell\NvwmiShell.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):8629952
                                    Entropy (8bit):7.999981027200894
                                    Encrypted:true
                                    SSDEEP:196608:wCQLJWjMlhDB3dRvBbYiqZBkBQBzTciO1nfniCrmNKYO:wC9YlhDBtezkOBki2nvlrmNKv
                                    MD5:6E5E20345297246C9E8A18D9B203F47E
                                    SHA1:1177FA6B654D8B09A1CB8DFD78ADE2A280F9E716
                                    SHA-256:A18B00D4720F0BE03A1A87332EEA1C29021DF27F42FC497710C3CC3E82D7212B
                                    SHA-512:08786A7A5B2B3A6E47FCE09B3E8D66E6501B0BB3D01BF7DB887CBCCC1D5B09BEDE93AD42AAF834494280A212BB33432E560694F3A8FBDE02D9274EDCC159A0AA
                                    Malicious:false
                                    Preview:.x.&7....*...C..|T..-2K..{B....!M.ot..X..U..\.(<..{'.6~..dF.P.`.,T0.K...K.Z%[...+......S."..[.2..G....Ze....0.p.w.l......a.~./...H..A.\..?..Ein...+..MN.S?x'{f.... .r.Y.Fl..ym....![.b}Q{..>`..:...D..ZT..e(.(.)%.-....]I*....k4.)....(.r...c.J^.S........).m.#ix...[.LX.|.g...x.A.E.fZ.....F..4..2kid..[be.........D.vBn.qE{2.|w.....ab...>.....h.0'.~...;.|x....3..h..1..;3.6 .<....5GH.f..s.........?....:.~..L."V..XRE.].b..@/........P.f..H.. ...6....5....sA.S..H.K.......&...../w..r......H.y.....nE.fw.].U..Z"%...T`.. ..p.......!_XrA.+f.E./...4...R....4.6..|$.b.!Q..&).+...x..Htv....c*.L.>7(.>.vLK.nWx..4..L;.S...*.qv..i..2......`.....zZOE....-.t.B.I.. ..\C...H..^@s...-.X*..-s.$.;...A..(.`x.W-..<....d.fc.....1._C........pB..AJ.WG.5z|....R..S.Q......J...z...(.$.....2..........%..e......n........Q..U......7..q.....I2G....ZL..=...V...C.*....n.O<.$..+..p.a..q....t..........m"]M.tB.J...dq....c1$tes.$....h.Na@.S.k...iy.n&`..1...Npx...eD...m...|....wH.......`:

                                    C:\Windows\SystemNvwmiShell\NvwmiShell.exe

                                    Download File
                                    Process:C:\Users\user\Desktop\R4WCgDAfHB.exe
                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):79073664
                                    Entropy (8bit):5.670612439091091
                                    Encrypted:false
                                    SSDEEP:6144:098TSnLDuZvOx31RZG15VoZppGJyCNDri5sfJXn+oAyu:nZvO7RQaZOJyEDj0Lyu
                                    MD5:8F0FE69596C6D95FEFADF00B3E28707D
                                    SHA1:3BBBFC2058995D3F77CF1AE043C810D656BFE406
                                    SHA-256:4E44955C7BA4F77AC2D29D054D3E4D8838FA795B8495FDF7747B9020CB208E21
                                    SHA-512:3AC74B5ACE3CD983ED23795D9E98C44B8BD8B6844702CF99B23972B3E78CB5C6B342970C31A5472D26C90E4C90208AD7C508AD9E2F461BE25ECB1704B2893A0D
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........>.E.PSE.PSE.PS...SD.PSbk=SB.PSbk+SP.PSE.QS..PS[..S_.PS[..S.PS[..S.PS[..SF.PS[..SD.PS[..SD.PSRichE.PS........................PE..L...N..e.....................P....................@..................................^....@.................................l^...........u...........<...5...@.......................................8..@....................]..@....................text............................... ..`.rdata...r.......t..................@..@.data....2...........`..............@....rsrc....u.......v...X..............@..@.reloc..Nm...@...n..................@..B........................................................................................................................................................................................................................................................................................................

                                    \Device\ConDrv

                                    Download File
                                    Process:C:\Program Files (x86)\Microsoft Network\HelpSystem.exe
                                    File Type:ASCII text, with CR line terminators
                                    Category:dropped
                                    Size (bytes):59823
                                    Entropy (8bit):3.5127837084076443
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:5781F51DF1EF81EA977E7D97F761A481
                                    SHA1:E0E9987252893EFE891EF68D35414A4626B0A4CB
                                    SHA-256:BC88623A0330A313BBF880A952C4A97AE4F56856FBA6603AFAB05D8A9393B6DC
                                    SHA-512:86DF35CAB1EC5F44D08E791E3938BF3D95543716253684F8CAD09D3ED4D930B3EAD58430637AA36CE52CC2C4874553523026A55F2B2F66765913DE745D6BA586
                                    Malicious:false
                                    Preview:-> 1/65535 - 0.-> 2/65535 - 0.-> 3/65535 - 0.-> 4/65535 - 0.-> 5/65535 - 0.-> 6/65535 - 0.-> 7/65535 - 0.-> 8/65535 - 0.-> 9/65535 - 0.-> 10/65535 - 0.-> 11/65535 - 0.-> 12/65535 - 0.-> 13/65535 - 0.-> 14/65535 - 0.-> 15/65535 - 0.-> 16/65535 - 0.-> 17/65535 - 0.-> 18/65535 - 0.-> 19/65535 - 0.-> 20/65535 - 0.-> 21/65535 - 0.-> 22/65535 - 0.-> 23/65535 - 0.-> 24/65535 - 0.-> 25/65535 - 0.-> 26/65535 - 0.-> 27/65535 - 0.-> 28/65535 - 0.-> 29/65535 - 0.-> 30/65535 - 0.-> 31/65535 - 0.-> 32/65535 - 0.-> 33/65535 - 0.-> 34/65535 - 0.-> 35/65535 - 0.-> 36/65535 - 0.-> 37/65535 - 0.-> 38/65535 - 0.-> 39/65535 - 0.-> 40/65535 - 0.-> 41/65535 - 0.-> 42/65535 - 0.-> 43/65535 - 0.-> 44/65535 - 0.-> 45/65535 - 0.-> 46/65535 - 0.-> 47/65535 - 0.-> 48/65535 - 0.-> 49/65535 - 0.-> 50/65535 - 0.-> 51/65535 - 0.-> 52/65535 - 0.-> 53/65535 - 0.-> 54/65535 - 0.-> 55/65535 - 0.-> 56/65535 - 0.-> 57/65535 - 0.-> 58/65535 - 0.-> 59/65535 - 0.-> 60/65535 - 0.-> 61/65535 - 0.-> 62/65535 - 0.-> 63/65535 - 0.-

                                    Static File Info

                                    General

                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                    Entropy (8bit):6.761976958626553
                                    TrID:
                                    • Win32 Executable (generic) a (10002005/4) 99.53%
                                    • InstallShield setup (43055/19) 0.43%
                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                    • DOS Executable Generic (2002/1) 0.02%
                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                    File name:R4WCgDAfHB.exe
                                    File size:422'352 bytes
                                    MD5:8595a9cecbac3bd363c30c7ab2bec849
                                    SHA1:5a154a7472cc4afa18f414a3edf8f3ff7a2a51e2
                                    SHA256:df2b80bb68e829de13051a9781e096b095a90b676ab1f974284bad8609775040
                                    SHA512:2d2d34ce590af7bb1902a5b355452efa9b9c6f947e7c288d7d575b0aa117a2870e99ddf11f4c9c4b936a889852726fd28f99973a5559e34b86af2940198eacec
                                    SSDEEP:6144:098TSnLDuZvOx31RZG15VoZppGJyCNDri5sfJXn+oAy:nZvO7RQaZOJyEDj0Ly
                                    TLSH:4D944C10295F8C3BD883B5394AA1CFAB95F66C204E2746677AE13E2D7FF624365102C7
                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........>.E.PSE.PSE.PS...SD.PSbk=SB.PSbk+SP.PSE.QS..PS[..S_.PS[..S..PS[..S..PS[..SF.PS[..SD.PS[..SD.PSRichE.PS.......................

                                    File Icon

                                    Icon Hash:8ca2c096b0c1e245

                                    Static PE Info

                                    General

                                    Entrypoint:0x40ec06
                                    Entrypoint Section:.text
                                    Digitally signed:true
                                    Imagebase:0x400000
                                    Subsystem:windows gui
                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                    Time Stamp:0x65C4D54E [Thu Feb 8 13:21:18 2024 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:
                                    OS Version Major:5
                                    OS Version Minor:0
                                    File Version Major:5
                                    File Version Minor:0
                                    Subsystem Version Major:5
                                    Subsystem Version Minor:0
                                    Import Hash:97843ffb69d38c7f82140e8b5fff11a2

                                    Authenticode Signature

                                    Signature Valid:false
                                    Signature Issuer:CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
                                    Signature Validation Error:The digital signature of the object did not verify
                                    Error Number:-2146869232
                                    Not Before, Not After
                                    • 05/01/2016 19:00:00 28/03/2019 19:59:59
                                    Subject Chain
                                    • CN=Qihoo 360 Software (Beijing) Company Limited, OU=Tech. Dev. Dept., O=Qihoo 360 Software (Beijing) Company Limited, L=Beijing, S=Beijing, C=CN
                                    Version:3
                                    Thumbprint MD5:458049CD38BF196FA31298973E90FBE2
                                    Thumbprint SHA-1:D4FB2982268B592E3CD46FA78194E71418297741
                                    Thumbprint SHA-256:0C9E4AE0B30089F2608168012D7D453CE982CCACC709D566C0ADD9DAB14C7E15
                                    Serial:26279F0F2F11970DCCF63EBA88F2D4C4

                                    Entrypoint Preview

                                    Instruction
                                    call 00007FD2D46F6B1Fh
                                    jmp 00007FD2D46F103Dh
                                    push 0000000Ch
                                    push 004258D8h
                                    call 00007FD2D46F3869h
                                    and dword ptr [ebp-1Ch], 00000000h
                                    mov esi, dword ptr [ebp+08h]
                                    cmp esi, dword ptr [0043B1E8h]
                                    jnbe 00007FD2D46F11E4h
                                    push 00000004h
                                    call 00007FD2D46F479Bh
                                    pop ecx
                                    and dword ptr [ebp-04h], 00000000h
                                    push esi
                                    call 00007FD2D46F4FD2h
                                    pop ecx
                                    mov dword ptr [ebp-1Ch], eax
                                    mov dword ptr [ebp-04h], FFFFFFFEh
                                    call 00007FD2D46F11CEh
                                    mov eax, dword ptr [ebp-1Ch]
                                    call 00007FD2D46F3875h
                                    ret
                                    push 00000004h
                                    call 00007FD2D46F4696h
                                    pop ecx
                                    ret
                                    mov edi, edi
                                    push ebp
                                    mov ebp, esp
                                    push esi
                                    mov esi, dword ptr [ebp+08h]
                                    cmp esi, FFFFFFE0h
                                    ja 00007FD2D46F1267h
                                    push ebx
                                    push edi
                                    mov edi, dword ptr [0042020Ch]
                                    cmp dword ptr [004399D0h], 00000000h
                                    jne 00007FD2D46F11DAh
                                    call 00007FD2D46F61A1h
                                    push 0000001Eh
                                    call 00007FD2D46F5FEFh
                                    push 000000FFh
                                    call 00007FD2D46F17CAh
                                    pop ecx
                                    pop ecx
                                    mov eax, dword ptr [0043B1F8h]
                                    cmp eax, 01h
                                    jne 00007FD2D46F11D0h
                                    test esi, esi
                                    je 00007FD2D46F11C6h
                                    mov eax, esi
                                    jmp 00007FD2D46F11C5h
                                    xor eax, eax
                                    inc eax
                                    push eax
                                    jmp 00007FD2D46F11DEh
                                    cmp eax, 03h
                                    jne 00007FD2D46F11CDh
                                    push esi
                                    call 00007FD2D46F1118h
                                    pop ecx
                                    test eax, eax
                                    jne 00007FD2D46F11D8h
                                    test esi, esi
                                    jne 00007FD2D46F11C3h
                                    inc esi
                                    add esi, 0Fh
                                    and esi, FFFFFFF0h

                                    Rich Headers

                                    Programming Language:
                                    • [ C ] VS2005 build 50727
                                    • [IMP] VS2005 build 50727
                                    • [ASM] VS2008 build 21022
                                    • [ C ] VS2008 build 21022
                                    • [C++] VS2008 build 21022
                                    • [RES] VS2008 build 21022
                                    • [LNK] VS2008 build 21022

                                    Data Directories

                                    NameVirtual AddressVirtual Size Is in Section
                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x25e6c0xa0.rdata
                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x3c0000x27514.rsrc
                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x63c000x35d0
                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x640000x1fe4.reloc
                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x238f80x40.rdata
                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_IAT0x200000x3c0.rdata
                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x25de40x40.rdata
                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                    Sections

                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                    .text0x10000x1e68b0x1e800445bb6b54111debd9c1f3b5f74fbc7cdFalse0.5619236680327869data6.59725871904921IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    .rdata0x200000x72960x74004a52feb77c8902486928bfc47d62c9f4False0.3529768318965517data5.03423408860561IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .data0x280000x132140xf800e843d6280cb8648fbd7d68f6eedd5f49False0.9019814768145161data7.703478425686808IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                    .rsrc0x3c0000x275140x2760040a4916702e3059f7f9de551807c97a4False0.3399925595238095data6.374114056365639IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .reloc0x640000x6d4e0x6e000ab9a2f00dd2bb6b3579589e136170daFalse0.2256036931818182data2.7096104954987683IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                    Resources

                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                    RT_CURSOR0x3cda80x134Targa image data - RGB 64 x 65536 x 1 +32 "\001"ChineseChina0.4805194805194805
                                    RT_CURSOR0x3cedc0xb4Targa image data - Map 32 x 65536 x 1 +16 "\001"ChineseChina0.7
                                    RT_CURSOR0x3cf900x134AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rdChineseChina0.36363636363636365
                                    RT_CURSOR0x3d0c40x134Targa image data - RLE 64 x 65536 x 1 +32 "\001"ChineseChina0.35714285714285715
                                    RT_CURSOR0x3d1f80x134dataChineseChina0.37337662337662336
                                    RT_CURSOR0x3d32c0x134dataChineseChina0.37662337662337664
                                    RT_CURSOR0x3d4600x134Targa image data 64 x 65536 x 1 +32 "\001"ChineseChina0.36688311688311687
                                    RT_CURSOR0x3d5940x134Targa image data 64 x 65536 x 1 +32 "\001"ChineseChina0.37662337662337664
                                    RT_CURSOR0x3d6c80x134Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001"ChineseChina0.36688311688311687
                                    RT_CURSOR0x3d7fc0x134Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001"ChineseChina0.38636363636363635
                                    RT_CURSOR0x3d9300x134dataChineseChina0.44155844155844154
                                    RT_CURSOR0x3da640x134dataChineseChina0.4155844155844156
                                    RT_CURSOR0x3db980x134AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rdChineseChina0.5422077922077922
                                    RT_CURSOR0x3dccc0x134dataChineseChina0.2662337662337662
                                    RT_CURSOR0x3de000x134dataChineseChina0.2824675324675325
                                    RT_CURSOR0x3df340x134dataChineseChina0.3246753246753247
                                    RT_BITMAP0x3e0680xb8Device independent bitmap graphic, 12 x 10 x 4, image size 80ChineseChina0.44565217391304346
                                    RT_BITMAP0x3e1200x144Device independent bitmap graphic, 33 x 11 x 4, image size 220ChineseChina0.37962962962962965
                                    RT_ICON0x3e2640x2868Device independent bitmap graphic, 128 x 256 x 4, image size 0ChineseChina0.4840487238979118
                                    RT_ICON0x40acc0x668Device independent bitmap graphic, 48 x 96 x 4, image size 0ChineseChina0.5201219512195122
                                    RT_ICON0x411340x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0ChineseChina0.5994623655913979
                                    RT_ICON0x4141c0x1e8Device independent bitmap graphic, 24 x 48 x 4, image size 0ChineseChina0.6147540983606558
                                    RT_ICON0x416040x128Device independent bitmap graphic, 16 x 32 x 4, image size 0ChineseChina0.5912162162162162
                                    RT_ICON0x4172c0x4c28Device independent bitmap graphic, 128 x 256 x 8, image size 0, 256 important colorsChineseChina0.2611304883052934
                                    RT_ICON0x463540xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0, 256 important colorsChineseChina0.4736140724946695
                                    RT_ICON0x471fc0x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0, 256 important colorsChineseChina0.4553249097472924
                                    RT_ICON0x47aa40x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 0, 256 important colorsChineseChina0.4141705069124424
                                    RT_ICON0x4816c0x568Device independent bitmap graphic, 16 x 32 x 8, image size 0, 256 important colorsChineseChina0.26083815028901736
                                    RT_ICON0x486d40x5006PNG image data, 256 x 0, 8-bit/color RGBA, non-interlacedChineseChina0.9965342184906766
                                    RT_ICON0x4d6dc0x10828Device independent bitmap graphic, 128 x 256 x 32, image size 0ChineseChina0.13229031113214243
                                    RT_ICON0x5df040x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0ChineseChina0.233298755186722
                                    RT_ICON0x604ac0x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0ChineseChina0.3079268292682927
                                    RT_ICON0x615540x988Device independent bitmap graphic, 24 x 48 x 32, image size 0ChineseChina0.375
                                    RT_ICON0x61edc0x468Device independent bitmap graphic, 16 x 32 x 32, image size 0ChineseChina0.3448581560283688
                                    RT_DIALOG0x623440xdcdataChineseChina0.7272727272727273
                                    RT_DIALOG0x624200xe2dataChineseChina0.6814159292035398
                                    RT_DIALOG0x625040x34dataChineseChina0.9038461538461539
                                    RT_STRING0x625380x4edataChineseChina0.8461538461538461
                                    RT_STRING0x625880x2cdataChineseChina0.5909090909090909
                                    RT_STRING0x625b40x82dataChineseChina0.9307692307692308
                                    RT_STRING0x626380x1d6dataChineseChina0.8148936170212766
                                    RT_STRING0x628100x160dataChineseChina0.4971590909090909
                                    RT_STRING0x629700x12edataChineseChina0.652317880794702
                                    RT_STRING0x62aa00x50dataChineseChina0.7125
                                    RT_STRING0x62af00x44dataChineseChina0.6764705882352942
                                    RT_STRING0x62b340x68dataChineseChina0.7019230769230769
                                    RT_STRING0x62b9c0x1b8dataChineseChina0.6568181818181819
                                    RT_STRING0x62d540x104dataChineseChina0.6038461538461538
                                    RT_STRING0x62e580x24dataChineseChina0.4722222222222222
                                    RT_STRING0x62e7c0x30dataChineseChina0.625
                                    RT_GROUP_CURSOR0x62eac0x22Lotus unknown worksheet or configuration, revision 0x2ChineseChina1.0294117647058822
                                    RT_GROUP_CURSOR0x62ed00x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                                    RT_GROUP_CURSOR0x62ee40x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                                    RT_GROUP_CURSOR0x62ef80x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                                    RT_GROUP_CURSOR0x62f0c0x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                                    RT_GROUP_CURSOR0x62f200x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                                    RT_GROUP_CURSOR0x62f340x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                                    RT_GROUP_CURSOR0x62f480x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                                    RT_GROUP_CURSOR0x62f5c0x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                                    RT_GROUP_CURSOR0x62f700x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                                    RT_GROUP_CURSOR0x62f840x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                                    RT_GROUP_CURSOR0x62f980x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                                    RT_GROUP_CURSOR0x62fac0x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                                    RT_GROUP_CURSOR0x62fc00x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.3
                                    RT_GROUP_CURSOR0x62fd40x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina1.25
                                    RT_GROUP_ICON0x62fe80xe6dataChineseChina0.6
                                    RT_VERSION0x630d00x2e8dataChineseChina0.4596774193548387
                                    RT_MANIFEST0x633b80x15aASCII text, with CRLF line terminatorsEnglishUnited States0.5491329479768786

                                    Imports

                                    DLLImport
                                    KERNEL32.dllHeapReAlloc, GetCommandLineA, GetStartupInfoA, RtlUnwind, Sleep, ExitProcess, RaiseException, HeapSize, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapCreate, GetStdHandle, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, GetACP, IsValidCodePage, GetConsoleCP, GetConsoleMode, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, GetOEMCP, GetCPInfo, GetModuleHandleW, SetErrorMode, CreateFileA, GetCurrentProcess, FlushFileBuffers, SetFilePointer, WriteFile, GlobalGetAtomNameA, GlobalFindAtomA, lstrcmpW, GetVersionExA, InterlockedIncrement, FormatMessageA, MultiByteToWideChar, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, GlobalHandle, GlobalReAlloc, EnterCriticalSection, TlsGetValue, LeaveCriticalSection, LocalFree, LocalAlloc, GlobalFlags, GlobalFree, GlobalUnlock, InterlockedDecrement, GetModuleFileNameW, WritePrivateProfileStringA, GetCurrentProcessId, GetLastError, SetLastError, GlobalAddAtomA, CloseHandle, GlobalDeleteAtom, GetCurrentThread, GetCurrentThreadId, ConvertDefaultLocale, EnumResourceLanguagesA, GetModuleFileNameA, GetLocaleInfoA, WideCharToMultiByte, CompareStringA, FindResourceA, LoadResource, LockResource, SizeofResource, InterlockedExchange, GlobalLock, lstrcmpA, GlobalAlloc, GetModuleHandleA, lstrlenA, HeapFree, FreeLibrary, GetProcessHeap, HeapAlloc, GetProcAddress, LoadLibraryA, IsBadReadPtr, VirtualProtect, VirtualFree, GetEnvironmentStringsW, VirtualAlloc
                                    USER32.dllGetSysColorBrush, ShowWindow, RegisterWindowMessageA, LoadIconA, WinHelpA, GetClassLongA, SetPropA, GetPropA, RemovePropA, IsWindow, GetForegroundWindow, GetDlgItem, GetTopWindow, DestroyWindow, GetMessageTime, GetMessagePos, MapWindowPoints, SetMenu, SetForegroundWindow, GetClientRect, CreateWindowExA, GetClassInfoExA, GetClassInfoA, RegisterClassA, AdjustWindowRectEx, CopyRect, DefWindowProcA, CallWindowProcA, GetMenu, SetWindowLongA, SetWindowPos, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetSystemMetrics, GetMenuItemID, GetSubMenu, GetWindow, GetDlgCtrlID, GetWindowRect, GetClassNameA, PtInRect, GetWindowTextA, SetWindowTextA, GetSysColor, PostMessageA, PostQuitMessage, CheckMenuItem, EnableMenuItem, ReleaseDC, GetDC, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, UnhookWindowsHookEx, GetMenuItemCount, UnregisterClassA, DestroyMenu, GetMenuState, ModifyMenuA, SendMessageA, GetParent, GetFocus, LoadBitmapA, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, ValidateRect, GetCursorPos, PeekMessageA, GetKeyState, IsWindowVisible, GetActiveWindow, DispatchMessageA, TranslateMessage, GetMessageA, CallNextHookEx, SetWindowsHookExA, SetCursor, LoadCursorA, GetCapture, ClientToScreen, GetWindowThreadProcessId, GetWindowLongA, GetLastActivePopup, IsWindowEnabled, EnableWindow, MessageBoxA
                                    GDI32.dllDeleteDC, GetStockObject, GetDeviceCaps, SelectObject, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, CreateBitmap, Escape, ExtTextOutA, TextOutA, RectVisible, PtVisible, DeleteObject, GetClipBox, SetMapMode, SetTextColor, SetBkColor, RestoreDC, SaveDC, SetViewportOrgEx
                                    WINSPOOL.DRVDocumentPropertiesA, OpenPrinterA, ClosePrinter
                                    ADVAPI32.dllRegSetValueExA, RegCreateKeyExA, RegQueryValueA, RegOpenKeyA, RegEnumKeyA, RegDeleteKeyA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey
                                    SHLWAPI.dllPathFindFileNameA, PathFindExtensionA
                                    OLEAUT32.dllVariantClear, VariantChangeType, VariantInit

                                    Possible Origin

                                    Language of compilation systemCountry where language is spokenMap
                                    ChineseChina
                                    EnglishUnited States

                                    Network Behavior

                                    Suricata IDS Alerts

                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                    2024-10-12T16:39:54.910290+02002830483ETPRO MALWARE Observed Malicious User-Agent (WinInetGet/)1192.168.2.450024114.215.199.19280TCP

                                    Network Port Distribution

                                    TCP Packets

                                    TimestampSource PortDest PortSource IPDest IP
                                    Oct 12, 2024 16:38:08.875833988 CEST497468686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:08.881103992 CEST86864974645.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:08.881185055 CEST497468686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:08.881231070 CEST497468686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:08.886507988 CEST86864974645.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:09.579433918 CEST86864974645.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:09.579987049 CEST497468686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:09.585849047 CEST86864974645.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:09.586091995 CEST497468686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:09.591177940 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:09.596647978 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:09.596926928 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:09.596926928 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:09.602313042 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.460414886 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.460479021 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.460623980 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:10.574153900 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.574201107 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.574237108 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.574273109 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.574385881 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:10.574595928 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:10.579330921 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.628726959 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:10.705590963 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.705647945 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.705667973 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.705686092 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.705701113 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.705719948 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.706037045 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.706037045 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:10.706073046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.706289053 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:10.819340944 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.819433928 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.819473028 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.819500923 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:10.819505930 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.819540024 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.819552898 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:10.819572926 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.819607019 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.819622993 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:10.819648027 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.819706917 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:10.820152044 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.862807035 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:10.932996988 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.933042049 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.933062077 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.933079004 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.933094978 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.933151960 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.933362007 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:10.933614016 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.933675051 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.933717012 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.933751106 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:10.933861971 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.046564102 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.046633959 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.046673059 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.046705008 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.046740055 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.046772957 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.046772003 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.046772003 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.046806097 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.046838999 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.046844006 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.046875000 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.046905994 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.097302914 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.161587000 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.161658049 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.161694050 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.161725998 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.161758900 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.161789894 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.161789894 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.161791086 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.161825895 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.161859989 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.162061930 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.162096977 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.162224054 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.206681013 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.274913073 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.274982929 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.275017023 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.275051117 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.275068045 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.275088072 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.275120974 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.275122881 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.275165081 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.275192022 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.275891066 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.275940895 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.275945902 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.316055059 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.388859034 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.388910055 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.388947964 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.388981104 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.388983011 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.389014959 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.389045954 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.389050007 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.389086962 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.389116049 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.389766932 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.389820099 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.389836073 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.440972090 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.502852917 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.502901077 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.502955914 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.502989054 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.503025055 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.503057003 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.503092051 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.503093004 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.503093004 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.503128052 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.503161907 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.503182888 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.503767967 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.550425053 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.616117001 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.616166115 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.616202116 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.616216898 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.616239071 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.616290092 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.616411924 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.616446972 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.616481066 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.616489887 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.616514921 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.616556883 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.617129087 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.659702063 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.729986906 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.730036020 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.730093002 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.730125904 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.730149984 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.730160952 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.730194092 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.730218887 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.730227947 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.730237007 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.730262041 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.730299950 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.730308056 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.784694910 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.843692064 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.843743086 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.843776941 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.843813896 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.843859911 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.843861103 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.844197989 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.844254971 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.844290972 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.844326973 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.844369888 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.844369888 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.844856024 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.894201994 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.957469940 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.957540989 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.957576036 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.957608938 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.957645893 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.957657099 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.957678080 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.957712889 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.957727909 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.957727909 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.957746983 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:11.957797050 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:11.958393097 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.003438950 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.071013927 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.071063042 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.071099043 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.071132898 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.071238041 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.071238041 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.071376085 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.071445942 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.071479082 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.071533918 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.071679115 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.071679115 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.072071075 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.112941027 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.184504032 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.184547901 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.184582949 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.184617996 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.184653044 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.184689999 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.184685946 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.184685946 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.184777975 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.185420990 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.185470104 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.185508966 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.185538054 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.185556889 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.185647964 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.298842907 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.298893929 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.298929930 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.298962116 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.298995972 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.299026966 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.299040079 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.299040079 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.299062967 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.299159050 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.299278975 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.299314022 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.299355030 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.347217083 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.412012100 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.412036896 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.412055969 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.412070036 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.412087917 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.412105083 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.412121058 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.412137985 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.412190914 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.412190914 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.412190914 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.412192106 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.412971020 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.456717968 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.525799990 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.526220083 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.526242971 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.526259899 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.526276112 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.526292086 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.526307106 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.526324034 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.526392937 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.526392937 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.526392937 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.526392937 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.526823997 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.526844978 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.526981115 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.639415026 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.639441013 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.639457941 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.639473915 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.639492035 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.639611959 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.639847040 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.639874935 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.639892101 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.639909029 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.640034914 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.640034914 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.691065073 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.762831926 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.762855053 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.762871981 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.763014078 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.763099909 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.763128042 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.763160944 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.763897896 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.763914108 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.763930082 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.763945103 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.763953924 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.763979912 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.816102982 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.874689102 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.874737978 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.874773979 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.874805927 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.874860048 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.874886990 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.874886990 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.875071049 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.875104904 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.875251055 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.875253916 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.875291109 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.875324011 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.925353050 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.988441944 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.988488913 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.988523960 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.988554955 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.988588095 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.988615990 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.988616943 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.988651037 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.988701105 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.988733053 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.988734961 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:12.988765001 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:12.988776922 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.034719944 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.102185965 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.102236986 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.102273941 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.102307081 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.102343082 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.102359056 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.102359056 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.102375031 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.102408886 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.102432966 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.102442026 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.102478027 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.102509975 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.144207001 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.215424061 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.215500116 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.215533972 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.215564966 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.215599060 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.215627909 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.215662003 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.215689898 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.215744019 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.215744019 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.215879917 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.216212034 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.269308090 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.328718901 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.328748941 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.328771114 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.328789949 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.328810930 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.328893900 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.328893900 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.328924894 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.328979015 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.329005003 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.329219103 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.329279900 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.329391003 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.378621101 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.442964077 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.443039894 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.443079948 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.443114996 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.443135023 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.443150997 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.443183899 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.443201065 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.443221092 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.443243980 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.443257093 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.443294048 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.443320036 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.487893105 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.555962086 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.556082964 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.556118965 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.556154013 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.556164026 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.556195021 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.556236029 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.556663990 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.556688070 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.556705952 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.556720972 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.556724072 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.556752920 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.597234011 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.669759035 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.669785023 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.669801950 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.669816971 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.669836044 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.669841051 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.669922113 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.670120001 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.670176983 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.670197010 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.670212984 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.670245886 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.670296907 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.722362041 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.783588886 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.783638954 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.783675909 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.783709049 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.783759117 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.783788919 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.783790112 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.783813953 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.783852100 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.783869982 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.784055948 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.784090996 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.784210920 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.831588030 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.896891117 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.896944046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.896980047 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.897011995 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.897068024 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.897078037 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.897078037 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.897103071 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.897136927 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.897152901 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.897171021 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.897207975 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:13.897217035 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:13.941113949 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.010540962 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.010592937 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.010631084 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.010664940 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.010703087 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.010757923 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.010757923 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.011019945 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.011053085 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.011086941 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.011120081 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.011192083 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.011193037 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.066091061 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.125988007 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.126060009 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.126097918 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.126132011 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.126166105 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.126198053 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.126199961 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.126200914 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.126235008 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.126380920 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.126415968 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.126559973 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.126559973 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.175451994 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.239564896 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.239619017 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.239659071 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.239712954 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.239743948 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.239748001 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.239783049 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.239814043 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.239816904 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.239842892 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.239850998 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.239886999 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.239900112 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.284811974 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.352845907 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.352869987 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.352885962 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.352901936 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.353004932 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.353099108 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.353308916 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.353329897 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.353346109 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.353359938 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.353375912 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.353463888 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.353463888 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.394287109 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.466669083 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.466730118 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.466768980 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.466801882 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.466837883 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.466871977 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.466906071 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.466911077 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.466942072 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.466983080 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.467014074 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.467690945 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.519232988 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.580105066 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.580153942 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.580195904 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.580229998 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.580265045 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.580318928 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.580354929 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.580387115 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.580424070 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.580444098 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.580444098 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.580492973 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.628757954 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.707568884 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.707618952 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.707654953 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.707688093 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.707724094 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.707752943 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.707752943 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.707905054 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.707940102 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.708112955 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.708195925 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.708234072 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.708256960 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.753637075 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.821666956 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.821719885 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.821738958 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.821754932 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.821774006 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.822195053 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.822252989 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.822252035 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.822273016 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.822293043 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.822612047 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.934672117 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.934762001 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.934781075 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.934799910 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.934900045 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.934954882 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.934987068 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.935020924 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.935053110 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:14.935103893 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.935103893 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.935103893 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:14.987960100 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.048290014 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.048360109 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.048396111 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.048428059 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.048463106 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.048494101 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.048516035 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.048516989 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.048530102 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.048604965 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.049313068 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.049370050 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.049397945 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.097248077 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.162306070 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.162358046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.162395954 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.162429094 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.162466049 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.162482977 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.162482977 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.162503004 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.162533998 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.162552118 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.162569046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.162600994 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.162620068 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.206717968 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.275871992 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.275922060 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.275958061 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.275990963 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.276026964 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.276052952 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.276052952 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.276149988 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.276185036 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.276211023 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.276217937 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.276249886 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.276279926 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.331595898 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.389518976 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.389574051 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.389594078 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.389626026 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.389643908 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.389658928 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.389698982 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.389731884 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.389767885 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.389779091 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.389780045 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.389858007 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.440984011 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.503199100 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.503268003 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.503304005 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.503336906 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.503370047 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.503432035 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.503464937 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.503470898 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.503504038 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.503521919 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.503540039 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.503578901 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.550462961 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.617043018 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.617094040 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.617130041 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.617162943 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.617167950 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.617202044 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.617223978 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.617305994 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.617340088 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.617362022 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.617373943 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.617405891 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.617427111 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.659857035 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.731038094 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.731084108 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.731105089 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.731138945 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.731170893 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.731214046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.731246948 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.731281042 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.731319904 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.731321096 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.731431961 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.732075930 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.784847021 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.843652964 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.843708038 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.843760014 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.843815088 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.843821049 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.843848944 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.843880892 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.843890905 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.843914032 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.843945026 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.844767094 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.844800949 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.844831944 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.844835043 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.844907045 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.957423925 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.957596064 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.957612038 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.957628012 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.957643032 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.957655907 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.957731009 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.957871914 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.957931042 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.957946062 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.958152056 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:15.958199024 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:15.958200932 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.003613949 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.071212053 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.071235895 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.071253061 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.071389914 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.071413994 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.071444035 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.071460962 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.071469069 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.071485996 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.071491003 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.071513891 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.071564913 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.072247982 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.112987041 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.185142040 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.185187101 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.185224056 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.185259104 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.185292006 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.185326099 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.185329914 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.185363054 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.185394049 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.185394049 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.185884953 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.185919046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.185952902 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.186070919 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.298988104 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.299036980 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.299073935 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.299108028 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.299113035 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.299143076 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.299173117 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.299180984 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.299216986 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.299226999 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.299490929 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.299545050 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.299549103 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.347330093 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.412211895 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.412249088 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.412282944 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.412316084 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.412350893 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.412405968 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.412405968 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.412622929 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.412677050 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.412708044 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.412709951 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.412744045 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.412782907 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.456583023 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.536216021 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.536241055 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.536257982 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.536273956 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.536288977 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.536309004 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.536328077 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.536422968 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.536422968 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.537123919 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.537138939 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.537153959 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.537317991 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.537317991 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.649719000 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.649772882 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.649830103 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.649838924 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.649864912 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.649909973 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.649921894 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.649956942 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.649991989 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.650003910 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.650026083 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.650062084 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.650068998 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.691083908 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.763652086 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.763732910 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.763770103 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.763802052 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.763838053 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.763895035 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.763928890 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.763928890 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.763928890 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.763962984 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.763999939 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.764015913 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.764017105 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.815965891 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.877120018 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.877192974 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.877228022 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.877262115 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.877295971 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.877329111 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.877361059 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.877396107 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.877666950 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.877666950 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.877918005 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.925358057 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.990916967 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.990968943 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.991005898 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.991038084 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.991091013 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.991102934 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.991102934 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.991147041 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.991182089 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.991214991 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.991216898 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:16.991250038 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:16.991281986 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.034849882 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.104367018 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.104415894 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.104461908 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.104487896 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.104527950 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.104562044 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.104582071 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.104593992 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.104628086 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.104639053 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.104661942 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.104696989 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.104707003 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.159843922 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.217852116 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.217873096 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.217907906 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.217922926 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.217927933 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.217940092 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.217953920 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.217962980 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.217995882 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.218663931 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.218677998 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.218693018 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.218708038 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.219261885 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.219261885 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.331897974 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.331954002 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.332010984 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.332043886 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.332077026 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.332109928 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.332122087 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.332144976 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.332186937 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.332236052 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.332236052 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.332263947 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.378516912 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.445628881 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.445679903 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.445713997 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.445745945 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.445744991 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.445780993 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.445810080 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.445920944 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.445954084 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.445981979 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.445990086 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.446023941 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.446053028 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.485805035 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.559350014 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.559428930 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.559465885 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.559503078 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.559536934 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.559539080 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.559572935 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.559578896 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.559608936 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.559636116 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.560229063 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.560277939 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.560316086 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.560398102 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.560398102 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.672590017 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.672614098 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.672631979 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.672646046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.672662973 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.672688007 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.672763109 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.672841072 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.672874928 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.672899961 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.672909975 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.672941923 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.672955990 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.722330093 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.786400080 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.786452055 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.786492109 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.786524057 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.786572933 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.786583900 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.786617041 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.786645889 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.786667109 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.786688089 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.786721945 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.786756992 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.786770105 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.829824924 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.899858952 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.899909973 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.899945021 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.899976969 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.900010109 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.900031090 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.900032043 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.900042057 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.900075912 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.900110960 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.900119066 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.900161028 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:17.900517941 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.900557995 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:17.900682926 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.013695002 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.013751030 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.013787985 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.013820887 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.013837099 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.013854980 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.013886929 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.013921022 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.013921022 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.013945103 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.013957024 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.014002085 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.014595032 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.014650106 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.014700890 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.127121925 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.127159119 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.127183914 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.127198935 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.127213955 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.127229929 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.127249002 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.127270937 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.127296925 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.127363920 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.128149986 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.175398111 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.240854025 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.240927935 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.240963936 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.240995884 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.241007090 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.241029978 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.241060972 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.241092920 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.241116047 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.241116047 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.241128922 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.241175890 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.241767883 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.284847975 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.354584932 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.354630947 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.354669094 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.354703903 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.354737043 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.354758978 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.354772091 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.354758978 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.354826927 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.354876995 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.355583906 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.355633974 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.355639935 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.355675936 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.355726004 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.468276978 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.468324900 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.468362093 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.468395948 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.468394995 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.468432903 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.468472958 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.468483925 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.468511105 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.468570948 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.469090939 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.469142914 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.469182968 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.469212055 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.469244003 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.581636906 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.581670046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.581692934 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.581712961 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.581737041 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.581800938 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.581800938 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.581964970 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.581986904 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.582007885 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.582029104 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.582155943 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.582155943 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.628499031 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.696686029 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.696759939 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.696795940 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.696829081 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.696865082 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.696870089 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.696871042 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.696897984 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.696933031 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.696962118 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.696965933 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.697002888 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.697010994 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.738071918 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.822365046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.822417021 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.822475910 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.822510958 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.822547913 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.822582960 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.822598934 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.822599888 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.822618008 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.822655916 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.822690010 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.822695017 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.822765112 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.936052084 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.936105013 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.936140060 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.936172962 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.936206102 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.936239004 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.936270952 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.936278105 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.936278105 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.936305046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.936358929 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.936358929 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:18.937093019 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:18.987900019 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.049457073 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.049504042 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.049560070 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.049593925 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.049596071 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.049628019 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.049665928 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.049684048 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.049720049 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.049772024 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.050462008 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.050496101 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.050510883 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.050534010 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.050880909 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.164022923 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.164073944 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.164109945 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.164143085 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.164141893 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.164179087 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.164222002 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.164290905 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.164324045 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.164357901 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.164371014 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.164391994 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.164437056 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.290287018 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.290337086 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.290373087 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.290405035 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.290429115 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.290438890 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.290472031 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.290504932 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.290507078 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.290539026 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.290549994 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.290574074 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.290600061 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.331614971 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.413294077 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.413316965 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.413331985 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.413338900 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.413357019 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.413404942 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.413405895 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.413455009 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.413471937 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.413487911 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.413503885 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.413518906 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.413537025 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.456696033 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.504213095 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.504235983 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.504251957 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.504268885 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.504286051 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.504302025 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.504400015 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.504400969 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.504400969 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.504904032 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.504920959 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.504937887 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.504956007 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.505057096 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.505057096 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.617659092 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.617686033 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.617702961 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.617717028 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.617733002 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.617805004 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.618052006 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.618078947 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.618093014 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.618108988 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.618182898 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.618182898 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.731161118 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.731230974 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.731266975 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.731304884 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.731338978 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.731352091 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.731352091 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.731373072 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.731441975 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.731493950 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.732280016 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.732335091 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.732445955 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.784797907 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.845035076 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.845083952 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.845120907 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.845153093 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.845185995 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.845217943 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.845231056 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.845232010 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.845253944 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.845304012 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.846139908 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.846191883 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.846324921 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.894233942 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.958439112 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.958482027 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.958538055 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.958573103 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.958605051 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.958605051 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.958662987 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.958667994 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.958702087 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.958749056 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.959577084 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.959624052 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.959665060 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:19.959738016 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:19.959738970 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.072432041 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.072478056 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.072514057 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.072547913 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.072582006 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.072587013 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.072617054 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.072618961 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.072654009 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.072654009 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.073575020 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.073622942 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.073663950 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.073771954 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.073856115 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.185630083 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.185672045 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.185708046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.185786963 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.186048985 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.186109066 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.186156988 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.186157942 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.186192989 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.186224937 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.186239004 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.186264992 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.186789036 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.237826109 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.302597046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.302649021 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.302683115 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.302716970 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.302750111 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.302747965 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.302783012 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.302809000 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.302819014 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.302851915 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.302867889 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.302886009 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.302898884 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.347246885 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.413388014 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.413439989 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.413475990 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.413530111 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.413568020 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.413603067 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.413614988 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.413614988 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.413639069 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.413671970 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.413692951 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.413710117 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.413755894 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.526741028 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.526765108 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.526782036 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.526797056 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.526813030 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.526942968 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.526942968 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.527180910 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.527209997 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.527230978 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.527374029 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.527420998 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.527442932 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.581563950 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.640346050 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.640388012 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.640420914 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.640450954 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.640455008 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.640489101 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.640497923 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.640818119 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.640851974 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.640883923 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.640887022 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.640919924 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.640933990 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.690965891 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.754035950 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.754120111 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.754154921 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.754189014 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.754209995 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.754225016 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.754247904 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.754357100 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.754400969 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.754481077 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.754513979 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.754570007 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.754599094 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.754616976 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.754645109 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.868112087 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.868160009 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.868195057 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.868227959 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.868257999 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.868263006 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.868324995 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.868441105 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.868474960 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.868493080 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.868510008 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.868546009 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.868572950 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.909724951 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.981936932 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.981987953 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.982023001 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.982055902 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.982079029 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.982120037 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.982120991 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.982177019 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.982211113 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.982225895 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:20.982245922 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.982281923 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:20.982301950 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.034723997 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.095251083 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.095273972 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.095289946 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.095422029 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.095434904 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.095439911 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.095467091 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.095480919 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.095499039 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.095506907 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.095527887 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.095566988 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.096380949 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.144081116 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.209067106 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.209090948 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.209108114 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.209125042 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.209156990 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.209212065 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.209377050 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.209404945 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.209422112 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.209460974 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.209937096 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.209985971 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.209996939 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.210022926 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.210078001 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.322828054 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.322851896 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.322869062 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.322885036 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.322901964 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.322921991 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.322974920 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.323071957 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.323118925 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.323136091 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.323152065 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.323168039 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.323203087 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.378470898 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.436223030 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.436245918 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.436263084 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.436278105 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.436295986 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.436305046 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.436366081 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.436512947 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.436530113 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.436547995 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.436562061 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.436570883 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.436606884 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.487832069 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.550040960 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.550066948 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.550084114 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.550100088 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.550116062 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.550132036 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.550146103 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.550219059 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.550219059 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.550770044 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.550791025 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.550806999 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.550827026 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.550863981 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.551105976 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.597223043 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.663784981 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.663836002 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.663872004 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.663904905 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.663928032 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.663939953 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.663966894 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.664000034 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.664045095 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.664191008 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.664225101 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.664258003 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.664272070 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.706600904 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.778378010 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.778399944 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.778418064 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.778434038 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.778453112 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.778656006 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.778948069 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.779005051 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.779042006 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.779067039 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.779077053 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.779098034 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.831708908 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.890927076 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.890952110 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.890970945 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.890989065 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.891022921 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.891052008 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.891486883 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.891535044 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.891571045 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.891593933 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:21.891603947 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.891654015 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:21.891700983 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.004710913 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.004756927 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.004793882 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.004827976 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.004862070 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.004874945 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.004897118 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.004933119 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.004940987 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.004995108 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.005700111 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.005750895 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.005765915 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.005790949 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.006210089 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.118432999 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.118504047 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.118537903 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.118571043 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.118587971 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.118604898 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.118639946 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.118668079 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.118673086 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.118693113 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.118706942 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.119203091 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.119239092 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.119259119 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.119277000 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.231992006 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.232063055 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.232099056 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.232131004 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.232160091 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.232167006 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.232197046 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.232254982 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.232310057 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.232342958 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.232377052 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.232409000 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.232409000 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.284849882 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.354254961 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.354279041 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.354296923 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.354312897 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.354331017 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.354341030 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.354415894 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.354624033 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.354646921 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.354665995 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.354681969 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.354697943 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.354724884 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.474963903 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.475050926 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.475086927 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.475105047 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.477005959 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.477066040 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.477164984 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.477197886 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.477241039 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.477721930 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.477926016 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.477960110 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.477993011 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.478001118 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.478041887 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.589117050 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.589184999 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.589220047 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.589252949 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.589286089 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.589318037 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.589329004 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.589351892 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.589386940 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.589391947 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.589437962 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.590096951 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.644112110 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.702510118 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.702534914 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.702550888 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.702564955 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.702580929 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.702595949 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.702641964 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.702641964 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.702641964 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.703068972 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.703113079 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.703147888 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.703182936 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.703255892 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.703255892 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.816019058 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.816042900 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.816060066 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.816075087 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.816093922 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.816131115 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.816184998 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.816431046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.816503048 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.816520929 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.816586018 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.816586971 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.816627026 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.862863064 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.929857016 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.929928064 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.929964066 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.929997921 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.930015087 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.930032015 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.930085897 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.930119038 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.930119991 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.930151939 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.930187941 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.930191040 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:22.930231094 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:22.972346067 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.044368982 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.044389963 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.044405937 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.044420958 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.044440031 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.044480085 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.044763088 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.044779062 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.044795036 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.044811010 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.044814110 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.044843912 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.097330093 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.157077074 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.157124996 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.157160997 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.157186031 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.157195091 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.157232046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.157249928 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.157469034 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.157505035 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.157522917 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.157711029 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.157763958 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.157764912 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.206634998 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.271025896 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.271075964 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.271111012 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.271143913 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.271179914 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.271186113 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.271215916 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.271220922 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.271287918 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.271344900 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.271466970 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.271502018 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.271528959 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.316128969 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.384845972 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.384913921 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.384933949 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.384949923 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.384968042 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.384989023 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.385024071 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.385040045 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.385062933 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.385257959 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.425338984 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.498184919 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.498255968 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.498291969 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.498323917 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.498332024 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.498358965 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.498393059 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.498394012 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.498429060 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.498440027 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.498465061 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.498513937 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.498554945 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.550477982 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.611720085 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.611763954 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.611805916 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.611840010 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.611843109 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.611856937 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.611891031 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.611898899 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.611911058 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.611960888 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.612870932 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.612929106 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.612967968 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.612973928 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.613023043 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.725683928 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.725759983 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.725795031 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.725828886 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.725876093 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.725891113 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.725925922 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.725939989 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.725960016 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.725979090 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.725999117 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.726069927 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.726185083 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.726377010 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.726435900 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.839112997 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.839133024 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.839143038 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.839205980 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.839231014 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.839246035 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.839260101 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.839277029 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.839276075 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.839330912 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.842025995 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.894099951 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.952985048 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.953008890 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.953026056 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.953151941 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.953171015 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.953187943 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.953217030 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.953238964 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.953274965 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.953761101 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.953778028 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.953793049 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:23.953835964 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:23.953890085 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.066632986 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.066685915 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.066720963 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.066756964 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.066798925 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.066842079 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.067126989 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.067176104 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.067212105 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.067244053 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.067280054 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.067311049 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.067311049 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.112889051 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.180289030 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.180313110 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.180330038 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.180346966 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.180445910 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.180455923 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.180480957 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.180489063 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.180506945 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.180533886 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.180535078 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.180551052 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.180588961 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.294102907 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.294152021 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.294188023 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.294219971 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.294253111 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.294259071 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.294300079 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.294312000 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.294348955 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.294361115 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.294661999 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.294698000 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.294719934 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.347243071 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.407622099 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.407658100 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.407691956 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.407723904 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.407732010 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.407757044 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.407794952 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.407797098 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.407831907 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.407845974 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.408579111 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.408612967 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.408647060 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.408648014 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.408708096 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.521744013 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.521794081 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.521830082 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.521862984 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.521897078 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.521928072 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.521950960 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.521951914 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.521960974 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.521996021 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.522027969 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.522048950 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.522613049 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.569801092 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.635029078 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.635075092 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.635130882 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.635165930 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.635195017 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.635199070 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.635226965 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.635232925 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.635271072 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.635286093 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.636143923 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.636193037 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.636217117 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.636230946 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.636282921 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.749006033 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.749058962 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.749099970 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.749154091 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.749188900 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.749190092 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.749224901 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.749258995 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.749259949 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.749289036 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.749294043 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.749327898 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.749353886 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.800473928 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.862227917 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.862297058 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.862334013 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.862368107 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.862400055 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.862431049 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.862452030 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.862469912 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.862579107 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.863223076 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.863246918 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.863284111 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.909735918 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.975471020 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.975492001 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.975507975 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.975523949 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.975539923 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.975555897 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.975573063 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.975572109 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.975647926 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.976330996 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.976365089 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.976381063 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:24.976407051 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:24.976434946 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.089262009 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.089282036 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.089291096 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.089298964 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.089306116 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.089314938 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.089323044 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.089497089 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.090202093 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.090220928 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.090236902 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.090358019 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.090358019 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.214942932 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.214970112 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.214987040 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.215002060 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.215019941 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.215104103 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.215286016 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.215301037 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.215317011 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.215332031 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.215339899 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.215372086 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.269222021 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.327879906 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.327905893 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.327922106 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.328239918 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.328248978 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.328263998 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.328279972 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.328294992 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.328306913 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.328315973 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.328342915 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.328368902 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.329137087 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.378619909 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.442065001 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.442090034 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.442106009 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.442121983 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.442137003 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.442137957 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.442153931 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.442169905 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.442171097 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.442186117 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.442202091 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.442217112 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.442245007 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.555399895 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.555428982 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.555445910 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.555460930 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.555478096 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.555480957 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.555521965 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.555658102 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.555675030 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.555701971 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.555840969 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.555860043 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.555883884 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.597217083 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.668864012 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.668889999 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.668910027 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.668926001 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.668946981 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.669065952 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.669065952 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.669275045 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.669302940 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.669322014 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.669439077 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.669439077 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.669467926 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.722306013 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.782721996 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.782757998 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.782774925 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.782789946 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.782807112 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.782820940 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.782836914 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.782851934 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.782870054 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.782934904 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.782934904 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.782934904 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.831828117 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.896116972 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.896163940 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.896199942 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.896234035 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.896266937 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.896294117 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.896301031 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.896336079 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.896532059 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.896972895 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.897016048 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.897053003 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:25.897100925 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:25.897100925 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.009782076 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.009833097 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.009850025 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.009866953 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.009886026 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.009974003 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.010035038 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.010066986 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.010087013 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.010143042 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.010596037 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.123526096 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.123595953 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.123645067 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.123749971 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.123761892 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.123797894 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.123826981 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.123830080 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.123863935 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.123881102 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.123902082 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.123945951 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.124418020 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.175353050 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.237138987 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.237166882 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.237175941 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.237184048 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.237191916 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.237205982 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.237215042 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.237225056 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.237509966 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.238259077 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.238312960 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.238364935 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.351553917 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.351607084 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.351680040 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.351713896 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.351748943 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.351782084 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.351799011 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.351799011 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.351815939 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.351847887 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.351877928 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.351882935 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.351896048 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.394198895 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.465121984 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.465142965 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.465168953 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.465184927 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.465200901 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.465210915 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.465225935 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.465300083 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.465533972 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.466182947 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.466206074 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.466223001 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.466340065 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.466340065 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.578659058 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.578684092 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.578700066 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.578707933 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.578994989 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.579024076 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.579040051 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.579076052 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.579076052 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.579282999 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.579308987 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.579324961 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.579343081 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.579431057 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.579432011 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.628643990 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.692347050 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.692389011 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.692445040 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.692480087 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.692508936 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.692540884 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.692540884 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.692557096 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.692609072 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.692610025 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.692643881 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.692678928 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.692691088 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.692711115 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.692749023 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.692759037 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.737871885 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.806186914 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.806221962 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.806238890 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.806253910 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.806257010 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.806269884 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.806286097 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.806289911 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.806322098 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.806328058 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.806360006 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.806404114 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.807293892 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.847328901 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.930941105 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.931006908 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.931042910 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.931077003 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.931083918 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.931113005 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.931123018 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.931145906 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.931180954 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.931189060 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.931214094 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.931251049 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:26.931257963 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:26.972214937 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:27.043999910 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.044023037 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.044032097 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.044039011 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.044054985 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.044229984 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:27.044370890 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.044416904 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.044433117 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.044450045 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.044464111 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:27.044549942 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:27.157807112 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.157856941 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.157886028 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.157927036 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.157944918 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.157959938 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.157993078 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.158025026 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.158061028 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.158128023 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:27.158128023 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:27.206760883 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:27.282087088 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.282108068 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.282124043 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.282140017 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.282155991 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.282207012 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.282255888 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:27.282255888 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:27.282255888 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:27.282517910 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.282537937 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.282555103 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.282571077 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:27.282578945 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:27.282618046 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.369844913 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.369923115 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.369959116 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.369992971 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.370028973 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.370040894 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.370040894 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.370093107 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.370127916 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.370160103 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.370162964 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.370198965 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.370223999 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.370229959 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.370261908 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.370285988 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.370296955 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.370306969 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.370331049 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.370363951 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.370389938 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.370397091 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.370430946 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.370448112 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.370517015 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.370552063 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.370587111 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.370620012 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.370678902 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.370678902 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.370678902 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.370845079 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.371026993 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.375699043 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.375750065 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.375788927 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.375865936 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.375879049 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.375920057 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.375999928 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.376255035 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.376288891 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.376322031 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.376353025 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.376386881 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.376446962 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.376446962 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.376446962 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.377038002 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.377072096 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.377104998 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.377136946 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.377147913 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.377170086 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.377182961 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.377976894 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.378032923 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.378065109 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.378082037 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.378118038 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.378145933 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.378153086 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.378204107 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.379030943 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.379081011 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.379115105 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.379143000 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.379146099 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.379179955 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.379189014 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.379996061 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.380047083 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.380064964 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.380080938 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.380114079 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.380131006 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.380147934 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.380202055 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.381023884 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.381076097 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.381109953 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.381124973 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.381143093 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.381175041 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.381185055 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.381989956 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.382039070 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.382052898 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.382071972 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.382105112 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.382118940 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.382138968 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.382190943 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.382920027 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.382973909 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.383006096 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.383039951 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.383039951 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.383099079 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.383738041 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.383789062 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.383835077 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.384166002 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.384218931 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.384267092 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.384270906 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.384300947 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.384332895 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.384367943 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.385190964 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.385222912 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.385252953 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.385255098 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.385299921 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.385720968 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.385754108 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.385787010 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.385817051 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.385823965 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.385873079 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.419462919 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.419513941 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.419549942 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.419584036 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.419617891 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.419656038 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.419692039 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.419727087 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.419734001 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.419734001 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.419761896 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.420123100 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.532538891 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.532591105 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.532653093 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.532686949 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.532720089 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.532749891 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.532756090 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.532749891 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.532788992 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.532819986 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.532824993 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.532857895 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.532867908 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.532893896 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.532972097 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.646513939 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.646559954 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.646619081 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.646656990 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.646689892 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.646708012 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.646708965 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.646724939 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.646758080 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.646781921 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.646795034 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.646827936 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.646862030 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.646864891 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.646913052 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.760421038 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.760474920 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.760512114 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.760545969 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.760579109 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.760612965 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.760651112 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.760658026 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.760683060 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.760720015 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.760720968 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.760746002 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.816173077 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.874172926 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.874203920 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.874217033 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.874223948 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.874233007 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.874238968 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.874245882 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.874250889 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.874258995 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.874269009 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.874483109 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.987837076 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.987862110 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.987876892 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.987890959 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.987906933 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.987921953 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.987932920 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.987937927 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.987934113 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.987953901 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.987971067 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:28.988006115 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:28.988006115 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.035016060 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.101644993 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.101715088 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.101732969 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.101748943 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.101766109 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.101782084 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.101800919 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.101815939 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.101836920 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.102116108 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.215086937 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.215179920 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.215214014 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.215249062 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.215277910 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.215281963 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.215311050 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.215344906 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.215368986 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.215368986 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.215378046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.215425968 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.215462923 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.215507030 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.215552092 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.328672886 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.328697920 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.328715086 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.328730106 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.328746080 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.328761101 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.328777075 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.328792095 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.328808069 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.328864098 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.328865051 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.328865051 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.378561974 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.442403078 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.442426920 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.442445040 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.442460060 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.442476034 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.442492008 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.442509890 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.442526102 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.442542076 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.442605972 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.442605972 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.442605972 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.442605972 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.555737972 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.555763006 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.555778980 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.555794001 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.555809975 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.555824995 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.555840969 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.555851936 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.555855989 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.555871964 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.556113005 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.556113005 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.597384930 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.676804066 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.676829100 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.676856041 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.676872015 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.676888943 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.676906109 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.676918983 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.676935911 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.676951885 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.676958084 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.676958084 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.676970005 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.676994085 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.722347021 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.802992105 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.803041935 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.803076982 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.803109884 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.803142071 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.803174973 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.803204060 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.803209066 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.803205013 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.803244114 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.803275108 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.803282976 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.803303003 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.847207069 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.916665077 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.916712046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.916769981 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.916805983 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.916838884 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.916858912 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.916858912 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.916872978 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.916906118 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.916935921 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.916940928 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.916973114 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.916989088 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:29.917010069 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:29.917056084 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.030116081 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.030150890 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.030169964 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.030194044 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.030209064 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.030224085 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.030237913 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.030253887 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.030268908 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.030282974 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.030283928 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.030283928 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.030283928 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.030333996 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.030333996 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.143902063 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.144001961 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.144038916 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.144072056 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.144105911 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.144105911 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.144138098 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.144174099 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.144177914 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.144177914 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.144207001 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.144243002 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.144251108 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.191063881 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.257819891 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.257869959 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.257905960 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.257937908 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.257972956 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.258004904 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.258021116 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.258021116 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.258042097 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.258074045 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.258089066 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.258107901 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.258115053 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.258172035 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.258215904 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.371257067 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.371356964 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.371419907 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.371431112 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.371454954 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.371490955 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.371499062 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.371522903 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.371557951 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.371592045 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.371629953 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.371814966 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.371814966 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.425446033 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.484834909 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.484924078 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.484958887 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.484993935 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.485025883 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.485027075 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.485059977 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.485095024 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.485097885 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.485097885 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.485130072 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.485162973 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.485172987 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.534780025 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.600358009 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.600402117 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.600439072 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.600474119 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.600507021 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.600522041 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.600522041 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.600542068 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.600574017 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.600590944 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.600610018 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.600644112 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.600649118 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.600682020 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.600723028 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.712425947 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.712452888 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.712476015 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.712497950 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.712518930 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.712541103 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.712562084 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.712584972 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.712593079 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.712593079 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.712593079 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.712605000 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.712627888 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.712690115 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.712691069 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.826754093 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.826797962 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.826833963 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.826868057 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.826905012 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.826940060 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.826952934 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.826952934 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.826973915 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.827008963 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.827022076 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.827043056 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.827074051 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.827076912 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.827136993 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.939619064 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.939666986 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.939702988 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.939738035 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.939770937 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.939804077 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.939809084 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.939810038 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.939836025 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.939870119 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.939878941 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.939903021 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.939913988 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:30.939937115 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:30.939982891 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.053451061 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.053502083 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.053539991 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.053575039 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.053610086 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.053644896 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.053674936 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.053678989 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.053711891 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.053739071 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.053747892 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.053754091 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.097235918 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.398200035 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.398294926 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.398330927 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.398400068 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.398417950 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.398452997 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.398479939 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.398489952 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.398521900 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.398529053 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.398555994 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.398587942 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.398600101 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.398619890 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.398654938 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.398669004 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.398689985 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.398700953 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.398721933 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.398756027 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.398762941 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.398787975 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.398818970 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.398829937 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.398853064 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.398885012 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.398890018 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.398920059 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.398962975 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.399050951 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.399091959 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.406379938 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.406429052 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.406465054 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.406490088 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.406497955 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.406533957 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.406541109 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.406569004 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.406603098 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.406610012 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.406636953 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.406672001 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.406677961 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.456701994 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.520065069 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.520107985 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.520126104 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.520134926 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.520142078 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.520149946 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.520165920 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.520178080 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.520193100 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.520206928 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.520292044 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.633991003 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.634013891 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.634028912 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.634043932 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.634058952 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.634073019 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.634087086 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.634104013 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.634110928 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.634177923 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.634177923 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.634186983 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.675393105 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.747708082 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.747739077 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.747773886 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.747816086 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.747848988 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.747880936 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.747914076 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.747946978 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.747956038 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.747956038 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.747956038 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.747982979 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.748028994 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.800558090 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.861382008 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.861466885 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.861521006 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.861553907 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.861589909 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.861598015 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.861598015 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.861627102 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.861661911 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.861673117 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.861695051 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.861735106 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.861741066 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.909849882 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.975074053 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.975125074 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.975179911 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.975213051 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.975248098 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.975281954 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.975289106 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.975289106 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.975317001 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.975353003 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.975358963 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:31.975421906 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:31.975425005 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.019213915 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.096415997 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.096486092 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.096522093 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.096554995 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.096620083 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.096654892 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.096659899 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.096659899 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.096690893 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.096719980 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.096739054 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.096752882 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.096766949 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.096788883 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.096837997 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.209934950 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.209959984 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.209976912 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.209990978 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.210006952 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.210031033 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.210046053 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.210059881 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.210076094 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.210092068 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.210130930 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.210131884 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.210131884 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.210232019 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.323848963 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.323919058 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.323956013 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.323988914 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.324013948 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.324023962 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.324057102 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.324090004 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.324121952 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.324161053 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.324189901 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.324193954 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.324193954 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.324193954 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.324238062 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.437175035 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.437206030 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.437222958 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.437237024 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.437252045 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.437266111 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.437280893 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.437294960 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.437311888 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.437366962 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.437366962 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.777725935 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.777764082 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.777779102 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.777801991 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.777818918 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.777833939 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.777832985 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.777848959 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.777863026 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.777870893 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.777878046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.777885914 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.777893066 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.777920961 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.777949095 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.778491974 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.778517008 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.778539896 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.778543949 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.778553963 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.778568983 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.778583050 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.778592110 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.778598070 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.778611898 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.778626919 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.778634071 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.778640985 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.778656006 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.778661966 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.778671026 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.778676987 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.778686047 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.778700113 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.778704882 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.778717041 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.778733015 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.778769016 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.778877020 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.778923988 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.778939009 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.778965950 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.779170990 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.779253006 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.892390966 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.892462015 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.892498016 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.892532110 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.892566919 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.892587900 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.892587900 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.892601013 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.892635107 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.892671108 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.892678022 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.892709017 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:32.892719984 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:32.941088915 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.006293058 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.006342888 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.006380081 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.006412983 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.006453991 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.006493092 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.006496906 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.006493092 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.006541967 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.006572008 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.006578922 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.006618023 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.006628036 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.050364017 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.119332075 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.119364023 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.119379997 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.119452953 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.119556904 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.119573116 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.119586945 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.119597912 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.119602919 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.119616985 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.119637012 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.119649887 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.119666100 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.119667053 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.119688988 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.233520031 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.233570099 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.233603954 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.233658075 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.233688116 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.233691931 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.233721972 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.233724117 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.233760118 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.233789921 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.233793020 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.233901978 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.233938932 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.233942986 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.233989954 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.346602917 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.346626043 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.346652031 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.346668959 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.346683025 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.346699953 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.346715927 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.346746922 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.346776962 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.346807957 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.346826077 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.346843004 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.346990108 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.346990108 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.460249901 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.460273981 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.460290909 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.460320950 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.460339069 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.460355997 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.460372925 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.460387945 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.460407019 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.460418940 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.460419893 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.460505009 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.574157953 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.574183941 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.574199915 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.574215889 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.574232101 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.574246883 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.574265957 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.574284077 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.574357986 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.574357986 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.574357986 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.574615955 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.628645897 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.687887907 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.687912941 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.687922001 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.687928915 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.687937021 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.687944889 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.687953949 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.687961102 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.687969923 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.688262939 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.801434994 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.801486969 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.801522970 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.801556110 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.801578045 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.801592112 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.801616907 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.801625967 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.801642895 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.801659107 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.801677942 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.801820040 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.847306013 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.914589882 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.914705992 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.914724112 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.914740086 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.914756060 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.914772034 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.914783001 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.914788008 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.914803982 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.914822102 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:33.914828062 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.914854050 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:33.956605911 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.029009104 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.029062033 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.029097080 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.029161930 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.029165030 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.029201031 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.029233932 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.029253006 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.029288054 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.029310942 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.029377937 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.029377937 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.081727982 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.142113924 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.142164946 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.142200947 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.142235041 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.142266035 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.142301083 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.142316103 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.142335892 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.142369986 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.142404079 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.142438889 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.142556906 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.142556906 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.255978107 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.256028891 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.256063938 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.256098032 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.256130934 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.256162882 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.256180048 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.256180048 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.256196976 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.256228924 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.256258965 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.256264925 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.256319046 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.369761944 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.370027065 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.370052099 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.370069027 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.370085001 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.370100021 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.370115995 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.370131969 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.370148897 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.370196104 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.370197058 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.370197058 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.370197058 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.425350904 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.483129978 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.483443975 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.483468056 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.483485937 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.483503103 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.483519077 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.483520985 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.483534098 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.483550072 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.483566046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.483635902 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.483635902 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.483635902 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.597014904 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.597040892 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.597057104 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.597064972 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.597073078 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.597080946 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.597096920 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.597104073 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.597121954 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.597184896 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.644228935 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.710300922 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.710449934 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.710469007 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.710488081 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.710504055 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.710500002 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.710515022 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.710520983 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.710547924 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.710563898 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.710578918 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.710587978 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.710618019 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.710618973 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.710618973 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.824264050 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.824333906 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.824369907 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.824403048 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.824436903 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.824470043 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.824475050 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.824475050 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.824502945 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.824537039 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.824544907 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.824573994 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.824579000 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.878597975 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.937685013 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.937717915 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.937736034 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.937751055 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.937767982 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.937786102 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.937803030 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.937818050 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.937828064 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.937828064 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.937828064 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.937834024 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:34.937868118 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:34.987832069 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.051629066 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.051680088 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.051716089 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.051726103 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.051749945 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.051784039 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.051790953 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.051816940 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.051851988 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.051853895 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.051884890 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.051918983 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.051919937 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.097204924 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.177661896 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.177716970 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.177752972 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.177793980 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.177829981 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.177864075 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.177897930 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.177901030 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.177901030 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.177931070 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.177966118 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.177977085 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.177977085 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.222347975 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.266755104 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.291002035 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.291038036 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.291090012 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.291121960 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.291153908 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.291184902 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.291210890 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.291210890 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.291210890 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.291218996 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.291268110 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.291284084 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.291301012 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.291347027 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.404664993 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.404737949 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.404772043 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.404803991 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.404830933 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.404838085 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.404865980 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.404870987 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.404906988 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.404941082 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.404977083 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.405004978 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.405109882 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.405109882 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.405109882 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.518043995 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.518114090 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.518150091 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.518203974 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.518269062 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.518266916 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.518266916 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.518301964 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.518336058 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.518347979 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.518369913 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.518403053 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.518415928 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.518439054 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.518481970 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.631867886 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.631916046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.631951094 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.631968021 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.631983995 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.632016897 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.632041931 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.632049084 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.632081985 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.632083893 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.632114887 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.632148981 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.632152081 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.675431013 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.753485918 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.753536940 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.753571033 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.753603935 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.753628016 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.753640890 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.753659010 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.753674984 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.753707886 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.753716946 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.753741026 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.753774881 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.753781080 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.800522089 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.867505074 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.867557049 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.867590904 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.867624044 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.867662907 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.867695093 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.867729902 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.867731094 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.867731094 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.867763042 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.867805958 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.867813110 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.867813110 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.909881115 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.980722904 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.980776072 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.980812073 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.980846882 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.980880022 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.980911016 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.980945110 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.980962992 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.980962992 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.980962992 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:35.980978012 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.981014013 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:35.981041908 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.034858942 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.093841076 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.093863964 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.093882084 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.093939066 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.093966961 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.093976974 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.093976974 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.093983889 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.094001055 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.094016075 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.094029903 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.094028950 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.094047070 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.094053984 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.094263077 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.208375931 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.208399057 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.208408117 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.208415031 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.208421946 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.208429098 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.208436966 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.208444118 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.208457947 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.208774090 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.322004080 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.322074890 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.322139025 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.322173119 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.322208881 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.322238922 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.322271109 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.322303057 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.322333097 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.322334051 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.322334051 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.322335005 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.322365046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.322400093 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.322632074 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.322632074 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.362951040 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.435627937 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.435677052 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.435714006 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.435748100 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.435781956 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.435810089 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.435815096 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.435874939 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.435908079 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.435940027 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.435940981 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.435976028 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.436043978 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.549089909 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.549112082 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.549129963 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.549139023 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.549154997 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.549170017 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.549184084 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.549199104 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.549212933 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.549228907 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.549278021 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.549318075 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.663901091 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.663949013 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.663964033 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.663981915 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.663997889 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.664012909 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.664028883 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.664045095 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.664061069 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.664096117 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.664096117 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.664096117 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.664097071 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.706680059 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.781164885 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.781212091 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.781249046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.781332970 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.781332016 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.781368017 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.781405926 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.781409979 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.781440020 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.781472921 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.781475067 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.781507969 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.781527996 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.781548023 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.781619072 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.890800953 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.890846968 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.890883923 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.890939951 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.890974045 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.891006947 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.891025066 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.891025066 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.891041040 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.891073942 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.891107082 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.891141891 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:36.891148090 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.891149044 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:36.891233921 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.004683018 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.004709005 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.004724979 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.004741907 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.004756927 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.004772902 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.004787922 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.004813910 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.004827976 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.004844904 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.004930973 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.004930973 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.004930973 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.004931927 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.117950916 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.117975950 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.117994070 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.118009090 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.118029118 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.118041992 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.118057013 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.118072987 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.118088961 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.118103981 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.118143082 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.118144035 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.118144035 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.118144035 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.230655909 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.230701923 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.230721951 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.230740070 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.230756998 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.230773926 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.230789900 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.230807066 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.230839968 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.230873108 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.230988979 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.230989933 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.349037886 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.349090099 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.349128008 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.349162102 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.349195957 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.349227905 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.349250078 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.349251032 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.349260092 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.349292040 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.349333048 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.349334002 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.349359989 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.394196987 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.457990885 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.458034992 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.458070040 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.458103895 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.458137989 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.458141088 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.458173037 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.458173990 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.458205938 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.458219051 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.458240986 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.458271980 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.458306074 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.458462954 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.458462954 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.571702003 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.571748018 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.571784019 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.571824074 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.571857929 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.571913004 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.571938038 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.571938038 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.571945906 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.571980953 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.572012901 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.572029114 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.572029114 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.572047949 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.572102070 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.685235023 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.685302973 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.685338020 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.685390949 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.685419083 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.685425997 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.685448885 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.685458899 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.685506105 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.685509920 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.685542107 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.685575008 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.685591936 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.685609102 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.685650110 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.807497978 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.807511091 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.807533026 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.807549953 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.807565928 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.807580948 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.807579041 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.807600021 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.807625055 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.807640076 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.807642937 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.807642937 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.807656050 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.807668924 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.807688951 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.927942991 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.928011894 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.928046942 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.928081036 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.928085089 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.928113937 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.928119898 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.928147078 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.928181887 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.928194046 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.928214073 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.928248882 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:37.928252935 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:37.972224951 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.041585922 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.041608095 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.041636944 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.041654110 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.041670084 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.041687012 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.041701078 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.041717052 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.041732073 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.041747093 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.041785002 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.041785002 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.041785002 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.041785002 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.041785002 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.155545950 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.155599117 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.155637026 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.155669928 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.155695915 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.155704021 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.155730009 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.155738115 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.155771017 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.155781031 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.155806065 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.155837059 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.155873060 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.156033993 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.156033993 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.269192934 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.269289017 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.269376993 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.269411087 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.269412994 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.269448996 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.269476891 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.269484043 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.269515991 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.269532919 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.269551039 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.269584894 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.269594908 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.269619942 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.269661903 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.383007050 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.383059978 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.383095980 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.383128881 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.383162022 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.383196115 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.383214951 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.383234978 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.383269072 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.383277893 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.383305073 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.383327961 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.425440073 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.496671915 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.496722937 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.496757984 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.496793032 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.496825933 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.496834040 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.496834040 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.496859074 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.496891022 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.496905088 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.496923923 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.496961117 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.496988058 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.550493002 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.610028982 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.610104084 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.610140085 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.610173941 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.610203981 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.610208988 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.610234022 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.610241890 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.610275984 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.610285044 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.610308886 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.610341072 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.610377073 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.610486031 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.610486031 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.723697901 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.723767042 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.723802090 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.723834991 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.723836899 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.723867893 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.723874092 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.723901033 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.723938942 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.723970890 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.724005938 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.724057913 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.724057913 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.769211054 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.837766886 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.837827921 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.837863922 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.837897062 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.837907076 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.837929964 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.837940931 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.837964058 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.837996960 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.838028908 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.838063955 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.838131905 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.838131905 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.878604889 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.951246977 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.951297045 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.951332092 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.951364040 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.951419115 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.951419115 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.951476097 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.951508999 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.951541901 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.951570988 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:38.951575041 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.951615095 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:38.951617002 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.003585100 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.065567017 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.065618038 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.065654993 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.065687895 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.065722942 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.065757036 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.065768003 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.065768957 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.065792084 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.065823078 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.065836906 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.065855026 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.065864086 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.065918922 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.065968990 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.178678989 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.178754091 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.178790092 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.178822041 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.178855896 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.178864956 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.178864956 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.178889036 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.178921938 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.178930998 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.178953886 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.178992033 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.179028988 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.179163933 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.179163933 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.292613983 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.292642117 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.292658091 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.292674065 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.292689085 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.292705059 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.292720079 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.292733908 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.292749882 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.292767048 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.292767048 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.292809010 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.441647053 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.441694021 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.441889048 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.442080975 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.442128897 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.442164898 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.442198038 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.442229986 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.442250967 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.442250967 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.442262888 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.442295074 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.442327023 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.442332029 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.442393064 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.577826023 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.577896118 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.577930927 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.577965975 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.577965021 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.578000069 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.578027964 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.578035116 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.578072071 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.578082085 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.578123093 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.578166008 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.578176975 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.578214884 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.578258991 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.691767931 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.691812038 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.691847086 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.691879988 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.691911936 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.691942930 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.691975117 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.691992998 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.691993952 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.691993952 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.692008018 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.692039967 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.692073107 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.692075968 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.692126036 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.805294037 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.805362940 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.805381060 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.805396080 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.805412054 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.805427074 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.805422068 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.805443048 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.805457115 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.805470943 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.805483103 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.805494070 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.805494070 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.805522919 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.805522919 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.918664932 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.918683052 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.918693066 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.918697119 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.918701887 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.918710947 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.918720961 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.918730021 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.918739080 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:39.918864965 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:39.918864965 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.032586098 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.032635927 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.032672882 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.032706022 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.032722950 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.032738924 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.032754898 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.032771111 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.032788992 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.032835007 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.032919884 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.146723986 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.146773100 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.146811008 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.146846056 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.146878958 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.146913052 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.146949053 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.146981955 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.146981955 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.146982908 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.146982908 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.147017956 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.147056103 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.191225052 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.260231018 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.260255098 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.260272026 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.260287046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.260303020 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.260318995 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.260334015 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.260349989 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.260368109 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.260396957 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.260397911 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.260397911 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.260397911 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.316128969 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.373744965 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.373779058 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.373796940 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.373811960 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.373828888 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.373843908 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.373859882 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.373874903 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.373893023 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.373958111 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.373959064 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.373959064 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.425359011 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.488612890 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.488666058 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.488701105 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.488734007 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.488759041 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.488769054 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.488801003 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.488818884 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.488836050 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.488869905 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.488871098 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.488908052 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.488925934 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.534853935 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.627446890 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.627496004 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.627532005 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.627563000 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.627563953 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.627603054 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.627616882 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.627635956 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.627670050 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.627685070 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.627701998 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.627737999 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.627748013 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.675357103 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.715137959 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.715209007 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.715244055 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.715281963 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.715317965 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.715317011 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.715352058 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.715379000 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.715415001 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.715428114 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.715456963 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.715495110 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.715507984 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.715523958 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.715569973 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.828293085 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.828315973 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.828331947 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.828347921 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.828373909 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.828411102 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.828454018 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.828506947 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.828522921 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.828546047 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.828573942 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.828591108 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.828612089 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.878536940 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.941955090 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.941994905 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.942162991 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.942162991 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.942189932 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.942204952 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.942224026 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.942236900 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.942262888 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.942271948 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.942286968 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.942303896 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:40.942322969 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:40.987999916 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.055450916 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.055583954 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.055597067 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.055632114 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.055653095 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.055669069 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.055682898 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.055691957 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.055696964 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.055716991 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.055725098 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.055732012 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.055747032 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.055764914 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.055783987 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.169424057 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.169449091 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.169466019 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.169481039 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.169496059 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.169511080 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.169526100 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.169540882 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.169555902 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.169572115 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.169598103 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.169599056 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.169599056 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.169599056 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.169701099 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.283004999 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.283051968 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.283087015 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.283118963 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.283119917 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.283155918 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.283173084 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.283257008 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.283324003 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.283339977 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.283359051 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.283436060 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.283471107 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.331763983 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.396725893 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.396747112 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.396764040 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.396778107 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.396795034 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.396797895 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.396810055 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.396826029 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.396826982 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.396841049 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.396858931 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.396861076 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.396883965 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.440967083 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.510586023 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.510607958 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.510631084 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.510641098 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.510648966 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.510657072 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.510664940 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.510672092 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.510679960 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.510689974 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.510971069 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.624052048 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.624119043 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.624155045 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.624180079 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.624187946 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.624222040 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.624229908 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.624254942 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.624289989 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.624299049 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.624321938 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.624357939 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.624365091 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.675426006 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.738017082 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.738065958 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.738100052 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.738132000 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.738166094 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.738198042 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.738231897 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.738244057 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.738244057 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.738244057 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.738266945 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.738302946 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.738317966 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.784815073 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.852128029 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.852226019 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.852261066 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.852294922 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.852312088 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.852318048 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.852344036 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.852345943 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.852365017 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.852397919 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.852399111 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.852433920 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.852505922 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.965817928 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.965854883 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.965872049 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.965888023 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.965903997 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.965919018 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.965936899 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.965953112 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.965953112 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.965970039 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:41.965997934 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:41.966007948 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.079092026 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.079142094 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.079178095 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.079197884 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.079210043 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.079242945 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.079257011 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.079277039 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.079309940 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.079341888 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.079377890 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.079493999 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.079493999 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.128470898 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.192687988 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.192740917 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.192776918 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.192810059 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.192843914 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.192876101 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.192909956 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.192944050 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.192979097 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.192996979 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.192996979 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.192996979 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.192996979 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.237943888 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.306401014 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.306440115 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.306456089 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.306471109 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.306485891 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.306502104 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.306518078 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.306557894 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.306557894 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.306557894 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.306626081 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.306771994 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.306858063 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.350466967 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.419805050 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.419838905 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.419855118 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.419872046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.419888020 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.419903040 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.419908047 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.419919014 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.419934988 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.419951916 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.419958115 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.419971943 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.472388029 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.533665895 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.533718109 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.533755064 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.533787966 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.533821106 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.533854008 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.533860922 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.533860922 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.533894062 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.533904076 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.533926964 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.533967018 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.534081936 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.581724882 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.647532940 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.647583961 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.647619963 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.647655010 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.647690058 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.647722006 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.647730112 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.647730112 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.647757053 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.647764921 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.647797108 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.647835016 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.648020983 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.690994978 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.760798931 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.760848045 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.760885000 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.760895014 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.760917902 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.760957956 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.760958910 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.760992050 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.761027098 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.761039019 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.761059999 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.761096954 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.761125088 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.816078901 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.874450922 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.874475002 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.874490976 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.874505997 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.874521971 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.874538898 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.874556065 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.874571085 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.874588013 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.874649048 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.874650002 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.874650002 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.874650002 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.925456047 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.988069057 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.988140106 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.988176107 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.988207102 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.988209963 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.988244057 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.988255978 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.988277912 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.988312960 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.988342047 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:42.988346100 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.988384008 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:42.988389969 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.034744024 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.129977942 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.130112886 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.130134106 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.130151033 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.130165100 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.130167961 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.130183935 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.130198002 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.130198956 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.130215883 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.130227089 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.130230904 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.130255938 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.175343990 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.257421017 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.257463932 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.257519960 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.257549047 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.257555008 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.257587910 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.257601976 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.257643938 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.257677078 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.257689953 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.257713079 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.257745981 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.257772923 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.257791042 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.257838964 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.381676912 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.381724119 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.381759882 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.381793022 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.381795883 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.381830931 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.381836891 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.381865978 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.381899118 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.381926060 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.381932974 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.381967068 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.381980896 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.382004023 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.382175922 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.504142046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.504220963 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.504256964 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.504272938 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.504290104 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.504306078 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.504323959 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.504338980 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.504359007 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.504458904 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.617559910 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.617630959 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.617671013 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.617703915 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.617732048 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.617738962 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.617769003 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.617810011 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.617844105 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.617876053 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.617903948 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.617903948 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.617913008 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.617917061 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.617960930 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.731447935 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.731494904 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.731553078 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.731565952 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.731591940 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.731626034 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.731662989 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.731676102 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.731697083 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.731709003 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.731731892 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.731765032 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.731801987 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.731811047 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.731854916 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.845036983 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.845127106 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.845146894 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.845165014 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.845196962 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.845211983 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.845235109 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.845252037 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.845268011 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.845304966 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.845315933 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.845340014 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.845347881 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.894176960 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.958848953 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.958899021 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.958935976 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.958949089 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.958970070 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.959006071 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.959022999 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.959039927 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.959074974 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.959083080 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:43.959109068 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.959147930 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:43.959187984 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.072346926 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.072398901 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.072433949 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.072468042 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.072503090 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.072532892 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.072566032 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.072592020 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.072592020 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.072598934 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.072628021 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.072632074 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.072670937 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.072679043 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.073908091 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.186184883 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.186239004 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.186278105 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.186311960 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.186346054 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.186357021 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.186378956 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.186393976 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.186413050 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.186444998 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.186460972 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.186480045 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.186490059 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.237835884 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.299662113 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.299736023 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.299771070 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.299803972 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.299830914 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.299838066 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.299865007 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.299871922 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.299906969 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.299938917 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.299959898 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.299973965 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.299982071 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.347209930 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.413537979 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.413589001 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.413650036 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.413685083 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.413695097 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.413718939 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.413748026 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.413754940 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.413788080 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.413822889 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.413841963 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.413855076 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.413876057 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.413892984 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.419686079 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.527301073 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.527436018 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.527470112 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.527492046 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.527503967 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.527539968 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.527546883 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.527573109 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.527611971 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.527627945 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.527662992 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.527697086 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.527704000 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.527731895 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.527771950 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.640687943 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.640789986 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.640845060 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.640846014 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.640881062 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.640914917 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.640923977 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.640952110 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.640985012 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.640994072 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.641020060 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.641056061 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.641058922 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.690994978 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.754324913 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.754412889 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.754445076 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.754473925 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.754492044 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.754539013 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.754548073 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.754581928 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.754615068 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.754625082 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.754647970 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.754683018 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.754692078 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.754717112 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.754759073 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.868469000 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.868578911 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.868596077 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.868612051 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.868628979 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.868644953 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.868642092 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.868660927 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.868676901 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.868678093 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.868700981 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.868722916 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.868793964 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.909751892 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.982928991 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.983000994 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.983040094 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.983062029 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.983076096 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.983109951 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.983125925 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.983143091 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.983176947 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.983190060 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:44.983211040 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.983247042 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:44.983258963 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.034718990 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.095779896 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.095875025 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.095910072 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.095943928 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.095943928 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.095977068 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.096004963 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.096010923 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.096043110 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.096070051 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.096077919 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.096112013 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.096129894 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.144083023 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.209408998 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.209482908 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.209518909 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.209548950 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.209574938 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.209611893 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.209624052 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.209649086 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.209683895 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.209712982 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.209713936 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.209747076 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.209760904 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.209784985 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.209829092 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.339452028 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.339519024 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.339554071 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.339582920 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.339586973 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.339620113 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.339644909 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.339656115 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.339692116 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.339704990 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.339724064 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.339761019 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.339771032 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.394113064 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.453092098 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.453138113 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.453198910 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.453226089 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.453236103 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.453269958 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.453283072 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.453305960 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.453339100 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.453350067 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.453373909 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.453406096 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.453419924 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.453440905 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.453481913 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.566685915 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.566747904 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.566785097 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.566808939 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.566819906 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.566854954 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.566879034 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.566889048 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.566922903 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.566936970 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.566957951 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.566993952 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.567008972 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.612854004 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.680394888 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.680447102 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.680480957 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.680505037 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.680515051 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.680551052 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.680567026 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.680586100 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.680620909 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.680638075 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.680658102 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.680696011 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.680708885 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.722186089 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.793741941 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.793787956 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.793823957 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.793829918 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.793859959 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.793895006 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.793908119 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.793927908 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.793962955 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.793968916 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.793998003 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.794034958 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.794472933 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.795281887 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.795336008 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.907470942 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.907542944 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.907578945 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.907604933 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.907613993 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.907649040 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.907659054 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.907682896 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.907717943 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.907733917 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.907752037 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.907793999 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:45.907804966 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:45.956589937 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.021155119 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.021224022 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.021260023 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.021275997 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.021292925 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.021328926 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.021342039 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.021363020 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.021397114 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.021409035 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.021430969 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.021469116 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.021480083 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.065979004 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.303783894 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.303848982 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.303885937 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.303914070 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.303920984 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.303957939 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.303963900 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.303992033 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.304028034 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.304038048 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.304061890 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.304095030 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.304100990 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.304130077 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.304162979 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.304172039 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.304195881 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.304208040 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.304230928 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.304264069 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.304275990 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.304299116 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.304330111 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.304338932 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.304364920 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.304399014 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.304409027 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.304433107 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.304470062 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.304476976 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.347212076 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.362123966 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.362164021 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.362217903 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.362222910 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.362278938 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.362318039 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.362332106 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.362368107 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.362401009 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.362412930 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.362435102 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.362468004 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.362500906 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.362505913 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.362551928 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.476296902 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.476349115 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.476385117 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.476417065 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.476438999 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.476452112 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.476479053 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.476485014 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.476520061 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.476535082 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.476552963 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.476588964 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.476598978 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.519090891 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.599452972 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.599504948 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.599544048 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.599575043 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.599577904 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.599613905 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.599631071 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.599653006 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.599685907 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.599698067 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.599720955 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.599759102 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.599759102 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.644097090 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.703078985 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.703108072 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.703125000 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.703155041 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.703171015 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.703178883 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.703186989 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.703202963 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.703210115 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.703217983 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.703228951 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.703236103 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.703253031 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.753488064 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.817542076 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.817595959 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.817629099 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.817682981 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.817696095 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.817715883 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.817738056 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.817748070 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.817786932 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.817812920 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.817817926 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.817851067 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.817873001 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.862879992 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.930397034 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.930449009 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.930464029 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.930480003 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.930501938 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.930510044 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.930510044 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.930517912 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.930532932 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.930546999 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.930557966 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.930562973 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:46.930587053 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:46.972220898 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.044281960 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.044349909 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.044384003 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.044406891 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.044418097 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.044454098 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.044465065 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.044487000 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.044522047 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.044533968 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.044553995 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.044589996 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.044600010 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.097214937 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.157840967 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.157905102 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.157958031 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.157958031 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.158010960 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.158044100 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.158061981 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.158078909 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.158111095 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.158138037 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.158145905 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.158179998 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.158193111 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.206584930 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.283787966 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.283839941 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.283894062 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.283911943 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.283927917 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.283979893 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.283982992 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.284017086 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.284049988 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.284077883 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.284084082 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.284116983 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.284135103 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.284200907 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.284248114 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.397448063 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.397490025 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.397504091 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.397521019 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.397532940 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.397536039 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.397550106 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.397562027 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.397566080 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.397583008 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.397588968 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.397600889 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.397634029 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.440960884 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.511156082 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.511369944 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.511426926 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.511428118 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.511460066 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.511492968 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.511502981 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.511527061 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.511559963 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.511568069 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.511598110 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.511626005 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.511634111 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.512295961 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.512342930 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.624888897 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.624944925 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.624983072 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.625010967 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.625014067 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.625050068 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.625065088 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.625082016 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.625121117 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.625133038 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.625153065 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.625200033 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.625210047 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.675352097 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.738737106 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.738771915 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.738789082 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.738804102 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.738812923 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.738821030 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.738846064 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.738851070 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.738863945 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.738878965 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.738898039 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.738898039 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.738913059 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.738922119 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.738956928 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.852317095 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.852339983 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.852356911 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.852371931 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.852389097 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.852401972 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.852405071 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.852420092 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.852435112 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.852438927 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.852452993 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.852458954 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.852472067 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.894104004 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.966217995 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.966243029 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.966264009 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.966272116 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.966280937 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.966295958 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.966310978 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.966325998 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.966344118 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.966445923 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:47.966939926 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:47.967019081 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.079792023 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.079854965 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.079890966 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.079926968 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.079982042 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.080010891 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.080044031 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.080049038 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.080079079 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.080111027 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.080149889 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.080183983 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.080244064 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.193650961 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.193701982 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.193718910 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.193747044 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.193747997 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.193763971 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.193780899 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.193794966 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.193798065 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.193818092 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.193835020 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.193837881 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.193866014 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.237871885 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.307598114 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.307621956 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.307638884 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.307653904 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.307671070 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.307684898 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.307698011 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.307701111 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.307715893 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.307734013 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.307755947 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.307780027 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.437582970 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.437618971 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.437635899 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.437650919 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.437673092 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.437676907 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.437689066 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.437699080 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.437705994 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.437721968 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.437726021 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.437737942 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.437763929 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.487838984 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.534703970 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.534761906 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.534775972 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.534790993 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.534806967 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.534821033 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.534837008 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.534851074 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.534907103 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.535036087 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.535052061 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.535074949 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.535101891 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.648454905 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.648545027 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.648576021 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.648602009 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.648611069 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.648648977 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.648663044 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.648715973 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.648756027 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.648767948 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.648801088 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.648834944 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.648839951 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.648870945 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.648910999 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.762178898 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.762262106 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.762294054 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.762329102 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.762329102 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.762363911 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.762372971 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.762398005 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.762433052 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.762440920 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.762468100 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.762511015 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.762518883 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.762550116 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.762599945 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.876389980 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.876415968 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.876432896 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.876449108 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.876465082 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.876480103 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.876487017 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.876496077 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.876512051 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.876528978 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.876529932 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.876574039 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.925335884 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.990289927 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.990380049 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.990412951 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.990447998 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.990458012 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.990480900 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.990506887 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.990514994 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.990547895 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.990570068 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.990573883 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:48.990586042 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:48.990612984 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.034737110 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.103477955 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.103524923 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.103575945 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.103589058 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.103610039 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.103645086 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.103671074 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.103678942 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.103713989 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.103743076 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.103745937 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.103777885 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.103802919 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.103810072 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.103862047 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.217145920 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.217185974 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.217221975 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.217248917 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.217272043 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.217288017 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.217302084 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.217319012 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.217333078 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.217348099 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.217381954 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.217430115 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.333415031 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.333447933 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.333460093 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.333475113 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.333491087 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.333499908 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.333520889 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.333534002 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.333544970 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.333550930 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.333564043 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.333568096 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.333579063 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.333616972 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.333626032 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.446894884 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.446928024 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.446979046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.447011948 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.447015047 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.447043896 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.447072983 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.447077036 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.447110891 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.447143078 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.447144985 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.447175980 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.447192907 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.447208881 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.447271109 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.560762882 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.560823917 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.560858011 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.560890913 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.560904980 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.560925007 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.560935974 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.560957909 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.560990095 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.561005116 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.561022997 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.561055899 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.561068058 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.612898111 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.674503088 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.674580097 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.674611092 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.674649000 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.674664021 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.674698114 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.674722910 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.674731016 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.674763918 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.674777031 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.674798012 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.674829960 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.674841881 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.674863100 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.674911976 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.788391113 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.788424969 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.788439989 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.788456917 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.788480997 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.788496971 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.788497925 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.788511992 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.788531065 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.788535118 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.788588047 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.788614035 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.788702011 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.788743973 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.902151108 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.902209997 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.902264118 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.902264118 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.902297020 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.902328968 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.902345896 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.902362108 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.902394056 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.902406931 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.902430058 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.902475119 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:49.902475119 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:49.956598043 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.015500069 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.015523911 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.015548944 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.015563965 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.015578985 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.015583992 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.015594006 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.015611887 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.015628099 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.015634060 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.015645981 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.015674114 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.015674114 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.066051006 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.129820108 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.129839897 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.129856110 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.129870892 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.129885912 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.129903078 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.129918098 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.129934072 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.129947901 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.129970074 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.130043030 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.130099058 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.243098974 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.243187904 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.243222952 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.243256092 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.243254900 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.243289948 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.243311882 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.243321896 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.243355036 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.243366957 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.243410110 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.243443966 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.243453979 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.284871101 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.356343985 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.356388092 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.356451988 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.356477976 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.356486082 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.356518030 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.356540918 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.356554031 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.356585979 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.356601000 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.356620073 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.356653929 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.356663942 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.356688976 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.356751919 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.470159054 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.470179081 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.470195055 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.470208883 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.470225096 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.470232964 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.470238924 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.470268011 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.470271111 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.470283031 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.470289946 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.470299006 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.470314980 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.470324993 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.470366955 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.584230900 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.584275007 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.584290981 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.584306955 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.584316969 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.584321976 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.584337950 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.584352016 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.584357023 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.584367990 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.584383011 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.584388018 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.584408045 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.628472090 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.697830915 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.697884083 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.697901011 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.697916031 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.697931051 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.697946072 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.697961092 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.697976112 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.697992086 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.698084116 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.811050892 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.811086893 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.811103106 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.811132908 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.811167002 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.811198950 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.811203003 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.811233997 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.811255932 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.811269999 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.811326027 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.811410904 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.862858057 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.924917936 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.925090075 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.925167084 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.925215960 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.925417900 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.925451994 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.925466061 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.925486088 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.925517082 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.925529003 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.925551891 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.925596952 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:50.925604105 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:50.972218990 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.038614988 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.038660049 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.038674116 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.038697958 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.038712978 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.038722038 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.038727045 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.038742065 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.038743973 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.038758039 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.038772106 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.038786888 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.038795948 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.038827896 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.152266026 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.152412891 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.152429104 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.152436018 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.152442932 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.152461052 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.152484894 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.152489901 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.152501106 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.152515888 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.152549982 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.206619024 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.278739929 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.278759956 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.278785944 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.278801918 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.278815031 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.278817892 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.278835058 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.278841019 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.278841972 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.278851032 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.278935909 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.278990984 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.279112101 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.279155016 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.392621040 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.392694950 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.392730951 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.392765045 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.392786026 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.392801046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.392813921 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.392833948 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.392867088 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.392875910 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.392899036 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.392935038 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.392944098 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.441050053 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.507051945 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.507230997 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.507283926 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.507308960 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.507347107 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.507380962 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.507416964 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.507461071 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.507477999 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.507493019 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.507509947 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.507534981 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.507637978 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.620628119 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.620697021 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.620731115 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.620758057 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.620764017 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.620798111 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.620822906 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.620883942 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.620919943 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.620934963 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.620953083 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.621014118 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.621032953 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.675436974 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.735289097 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.735379934 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.735405922 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.735440016 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.735445976 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.735460997 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.735476971 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.735486031 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.735532999 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.735548973 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.735563040 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.735668898 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.735670090 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.849221945 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.849292040 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.849330902 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.849364042 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.849370956 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.849399090 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.849421024 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.849431992 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.849467039 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.849482059 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.849499941 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.849538088 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.849550009 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.894098043 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.962670088 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.962697029 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.962795973 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.962816954 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.962835073 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.962843895 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.962852001 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.962868929 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.962918997 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.962918997 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.962934971 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.962954044 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.962973118 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:51.962982893 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:51.963017941 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.074762106 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.074822903 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.074846983 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.074858904 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.074877977 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.074889898 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.074899912 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.074911118 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.074929953 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.075007915 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.075160027 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.188286066 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.188322067 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.188338995 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.188354015 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.188369989 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.188385010 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.188400984 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.188415051 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.188431978 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.188489914 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.188553095 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.301893950 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.301942110 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.301974058 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.301994085 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.302004099 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.302015066 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.302035093 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.302057981 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.302057981 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.302077055 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.302078009 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.302100897 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.302119017 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.347326040 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.415658951 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.415692091 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.415709972 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.415724039 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.415739059 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.415751934 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.415749073 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.415766954 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.415776014 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.415781975 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.415797949 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.415819883 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.415843964 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.530567884 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.530658007 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.530705929 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.530735970 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.530750036 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.530795097 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.530838966 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.530883074 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.530925989 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.530930996 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.530930996 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.530975103 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.530985117 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.581614017 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.642976999 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.642995119 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.643007994 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.643019915 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.643035889 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.643047094 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.643059015 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.643064022 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.643069983 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.643084049 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.643234968 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.756532907 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.756580114 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.756596088 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.756611109 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.756628990 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.756644964 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.756659985 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.756675959 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.756699085 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.756840944 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.757168055 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.757332087 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.870181084 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.870208979 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.870223999 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.870238066 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.870254993 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.870277882 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.870294094 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.870307922 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.870325089 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.870343924 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.870604992 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.870963097 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.871043921 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.984029055 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.984101057 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.984137058 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.984169960 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.984194994 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.984204054 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.984236002 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.984268904 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.984299898 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.984338999 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:52.984390974 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.984390974 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:52.984390974 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.034729004 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.097595930 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.097655058 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.097688913 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.097702980 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.097722054 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.097754955 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.097765923 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.097794056 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.097826958 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.097855091 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.097860098 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.097902060 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.097909927 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.144241095 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.211129904 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.211179972 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.211230993 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.211232901 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.211261988 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.211294889 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.211308956 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.211327076 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.211359024 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.211370945 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.211420059 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.211452007 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.211468935 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.211481094 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.211515903 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.211527109 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.253484964 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.324866056 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.324911118 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.324947119 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.324981928 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.324981928 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.325027943 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.325052977 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.325083017 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.325115919 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.325134039 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.325150013 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.325181961 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.325197935 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.325220108 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.325259924 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.445133924 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.445183992 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.445250034 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.445372105 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.445408106 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.445465088 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.445502996 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.445540905 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.445594072 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.445602894 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.445626974 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.445672035 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.445679903 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.445713043 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.445771933 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.559094906 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.559123993 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.559149981 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.559165955 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.559180975 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.559191942 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.559196949 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.559211016 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.559227943 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.559230089 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.559251070 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.559269905 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.559286118 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.559315920 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.559356928 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.672780037 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.672805071 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.672822952 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.672838926 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.672854900 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.672862053 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.672869921 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.672877073 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.672894001 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.673063993 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.673064947 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.786179066 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.786233902 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.786271095 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.786304951 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.786345005 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.786395073 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.786396980 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.786432028 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.786463976 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.786487103 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.786497116 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.786531925 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.786542892 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.831612110 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.900057077 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.900113106 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.900146008 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.900178909 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.900185108 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.900213003 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.900223017 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.900244951 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.900278091 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.900290966 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.900310040 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.900345087 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:53.900352955 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:53.941003084 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.013818979 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.013871908 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.013911963 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.013926983 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.013945103 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.013978958 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.013991117 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.014012098 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.014045000 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.014060020 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.014079094 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.014116049 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.014126062 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.065964937 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.127362013 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.127433062 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.127490997 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.127500057 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.127526045 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.127558947 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.127573013 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.127597094 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.127629042 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.127648115 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.127666950 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.127700090 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.127723932 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.127734900 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.127784967 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.127788067 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.175348997 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.241122007 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.241168022 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.241202116 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.241233110 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.241235018 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.241266012 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.241297007 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.241301060 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.241332054 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.241357088 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.241363049 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.241396904 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.241420031 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.284781933 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.355340004 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.355420113 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.355463982 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.355499983 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.355511904 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.355534077 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.355570078 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.355573893 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.355606079 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.355637074 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.355643034 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.355676889 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.355693102 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.409742117 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.468514919 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.468584061 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.468619108 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.468645096 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.468652964 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.468688011 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.468700886 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.468720913 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.468755007 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.468764067 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.468786955 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.468822956 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.468842983 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.519288063 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.581729889 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.581772089 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.581826925 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.581836939 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.581881046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.581913948 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.581942081 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.581948042 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.581980944 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.582009077 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.582012892 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.582043886 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.582072020 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.582078934 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.582123995 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.695240021 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.695297956 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.695333004 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.695348024 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.695365906 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.695417881 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.695420027 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.695451975 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.695485115 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.695512056 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.695523977 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.695595980 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.695646048 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.737858057 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.808857918 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.808917046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.808975935 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.808984995 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.809030056 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.809062004 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.809087038 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.809096098 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.809129000 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.809145927 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.809161901 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.809195042 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.809211969 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.862873077 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.922635078 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.922739029 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.922791958 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.922805071 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.922830105 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.922863960 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.922883987 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.922899008 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.922950029 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.922975063 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.922985077 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.923017979 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:54.923038006 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:54.972266912 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.036528111 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.036595106 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.036653042 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.036658049 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.036709070 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.036758900 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.036765099 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.036793947 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.036827087 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.036854029 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.036860943 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.036900043 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.036925077 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.081613064 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.150530100 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.150556087 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.150572062 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.150588036 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.150604010 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.150619030 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.150635004 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.150650024 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.150666952 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.150762081 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.150762081 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.191118956 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.264013052 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.264034986 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.264051914 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.264080048 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.264095068 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.264111042 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.264126062 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.264143944 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.264157057 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.264174938 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.264252901 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.264252901 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.264254093 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.391884089 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.391930103 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.391987085 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.392024040 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.392030954 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.392057896 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.392091990 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.392095089 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.392123938 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.392153025 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.392158031 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.392190933 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.392226934 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.392227888 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.392342091 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.505726099 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.505759954 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.505776882 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.505791903 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.505809069 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.505824089 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.505839109 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.505846977 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.505865097 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.505894899 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.505975008 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.550524950 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.619373083 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.619451046 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.619510889 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.619545937 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.619549036 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.619577885 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.619611025 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.619613886 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.619659901 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.619699955 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.619716883 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.619729042 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.619760990 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.619781971 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.619800091 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.619827986 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.659821987 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.733159065 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.733213902 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.733247995 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.733279943 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.733295918 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.733313084 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.733333111 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.733345032 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.733377934 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.733392000 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.733409882 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.733442068 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.733457088 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.784873962 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.846836090 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.846900940 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.846935987 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.846967936 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.846999884 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.847032070 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.847064972 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.847078085 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.847095966 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.847130060 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.847160101 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.847263098 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.960247040 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.960314989 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.960350037 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.960371017 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.960382938 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.960414886 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.960431099 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.960453033 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.960505009 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.960509062 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:55.960539103 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.960572958 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:55.960589886 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.003568888 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.074532032 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.074580908 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.074616909 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.074651003 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.074681997 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.074687004 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.074721098 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.074749947 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.074755907 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.074784040 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.074789047 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.074826956 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.074840069 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.128525019 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.187671900 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.187726021 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.187783957 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.187792063 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.187829018 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.187863111 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.187872887 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.187896967 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.187931061 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.187943935 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.187963009 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.187999010 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.188008070 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.237859011 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.301501989 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.301541090 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.301592112 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.301624060 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.301659107 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.301691055 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.301723957 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.301755905 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.301780939 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.301790953 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.301855087 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.301902056 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.415189981 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.415247917 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.415282011 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.415314913 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.415316105 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.415350914 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.415374041 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.415381908 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.415443897 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.415469885 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.415478945 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.415510893 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.415538073 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.415546894 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.415594101 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.528606892 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.528659105 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.528697968 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.528748035 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.528776884 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.528830051 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.528836966 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.528866053 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.528899908 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.528934956 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.528970957 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.528989077 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.528989077 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.581604004 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.643456936 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.643495083 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.643511057 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.643527985 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.643542051 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.643546104 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.643567085 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.643579006 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.643584013 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.643600941 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.643608093 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.643642902 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.644048929 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.691015005 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.757138014 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.757172108 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.757198095 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.757215977 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.757231951 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.757229090 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.757247925 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.757263899 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.757282019 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.757288933 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.757288933 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.757328987 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.757489920 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.800364971 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.871002913 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.871077061 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.871093988 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.871109009 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.871123075 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.871138096 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.871153116 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.871167898 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.871182919 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.871207952 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.871243000 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.984615088 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.984683990 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.984719038 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.984750986 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.984755993 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.984785080 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.984813929 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.984813929 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.984847069 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.984860897 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.984882116 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.984925985 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:56.986145020 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.986179113 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:56.986233950 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.098099947 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.098165989 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.098200083 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.098233938 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.098268032 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.098300934 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.098332882 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.098365068 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.098364115 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.098401070 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.098426104 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.098488092 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.215468884 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.215496063 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.215512037 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.215518951 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.215528011 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.215544939 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.215615988 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.215631962 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.215703011 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.215708017 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.215761900 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.215766907 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.215879917 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.335664034 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.335685015 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.335700035 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.335714102 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.335772038 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.335805893 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.335822105 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.335832119 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.335839987 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.335855007 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.335865021 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.335870981 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.335899115 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.378535032 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.454349041 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.454365015 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.454387903 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.454441071 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.454564095 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.454579115 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.454592943 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.454607964 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.454622030 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.454622984 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.454663038 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.454687119 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.455554962 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.455570936 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.455631018 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.578603029 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.578645945 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.578661919 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.578679085 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.578687906 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.578692913 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.578708887 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.578716993 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.578725100 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.578739882 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.578748941 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.578757048 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.578783989 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.628552914 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.692403078 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.692424059 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.692447901 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.692462921 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.692480087 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.692487001 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.692495108 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.692509890 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.692524910 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.692532063 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.692554951 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.692567110 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.692574978 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.737869978 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.806164980 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.806183100 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.806197882 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.806236982 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.806269884 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.806286097 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.806301117 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.806315899 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.806319952 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.806339979 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.808743954 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.808760881 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.808798075 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.862958908 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.919965029 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.920049906 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.920063972 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.920128107 CEST497478686192.168.2.445.137.222.18
                                    Oct 12, 2024 16:38:57.920140028 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.920156002 CEST86864974745.137.222.18192.168.2.4
                                    Oct 12, 2024 16:38:57.920170069 CEST86864974745.137.222.18192.168.2.4

                                    DNS Queries

                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                    Oct 12, 2024 16:38:08.838469982 CEST192.168.2.41.1.1.10x6948Standard query (0)contr.netmows.comA (IP address)IN (0x0001)false
                                    Oct 12, 2024 16:39:48.295479059 CEST192.168.2.41.1.1.10x84e9Standard query (0)contr.netmows.comA (IP address)IN (0x0001)false
                                    Oct 12, 2024 16:39:53.704746962 CEST192.168.2.41.1.1.10xb04fStandard query (0)ddns.oray.comA (IP address)IN (0x0001)false
                                    Oct 12, 2024 16:39:54.889869928 CEST192.168.2.41.1.1.10x7827Standard query (0)pool.autocoreb.comA (IP address)IN (0x0001)false
                                    Oct 12, 2024 16:40:47.679919004 CEST192.168.2.41.1.1.10xdafaStandard query (0)contr.netmows.comA (IP address)IN (0x0001)false
                                    Oct 12, 2024 16:41:47.934832096 CEST192.168.2.41.1.1.10x37e4Standard query (0)contr.netmows.comA (IP address)IN (0x0001)false

                                    DNS Answers

                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                    Oct 12, 2024 16:38:08.872956038 CEST1.1.1.1192.168.2.40x6948No error (0)contr.netmows.com45.137.222.18A (IP address)IN (0x0001)false
                                    Oct 12, 2024 16:39:48.368310928 CEST1.1.1.1192.168.2.40x84e9No error (0)contr.netmows.com45.137.222.18A (IP address)IN (0x0001)false
                                    Oct 12, 2024 16:39:53.943770885 CEST1.1.1.1192.168.2.40xb04fNo error (0)ddns.oray.com114.215.199.192A (IP address)IN (0x0001)false
                                    Oct 12, 2024 16:39:53.943770885 CEST1.1.1.1192.168.2.40xb04fNo error (0)ddns.oray.com114.215.189.130A (IP address)IN (0x0001)false
                                    Oct 12, 2024 16:39:55.073591948 CEST1.1.1.1192.168.2.40x7827No error (0)pool.autocoreb.com116.202.251.6A (IP address)IN (0x0001)false
                                    Oct 12, 2024 16:39:55.073591948 CEST1.1.1.1192.168.2.40x7827No error (0)pool.autocoreb.com141.255.164.11A (IP address)IN (0x0001)false
                                    Oct 12, 2024 16:39:55.073591948 CEST1.1.1.1192.168.2.40x7827No error (0)pool.autocoreb.com116.202.251.16A (IP address)IN (0x0001)false
                                    Oct 12, 2024 16:40:47.704205990 CEST1.1.1.1192.168.2.40xdafaNo error (0)contr.netmows.com45.137.222.18A (IP address)IN (0x0001)false
                                    Oct 12, 2024 16:41:48.116074085 CEST1.1.1.1192.168.2.40x37e4No error (0)contr.netmows.com45.137.222.18A (IP address)IN (0x0001)false

                                    HTTP Packets

                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    0192.168.2.450024114.215.199.192804296C:\Program Files (x86)\Microsoft Network\HelpSystem.exe
                                    TimestampBytes transferredDirectionData
                                    Oct 12, 2024 16:39:53.957799911 CEST99OUTGET /checkip HTTP/1.1
                                    User-Agent: WinInetGet/0.1
                                    Host: ddns.oray.com
                                    Cache-Control: no-cache
                                    Oct 12, 2024 16:39:54.910218000 CEST171INHTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Sat, 12 Oct 2024 14:39:54 GMT
                                    Content-Type: text/html
                                    Content-Length: 31
                                    Connection: keep-alive
                                    Data Raw: 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33
                                    Data Ascii: Current IP Address: 8.46.123.33


                                    Statistics

                                    CPU Usage

                                    Click to jump to process

                                    Memory Usage

                                    Click to jump to process

                                    High Level Behavior Distribution

                                    Click to dive into process behavior distribution

                                    Behavior

                                    Click to jump to process

                                    System Behavior

                                    General

                                    Target ID:0
                                    Start time:10:38:01
                                    Start date:12/10/2024
                                    Path:C:\Users\user\Desktop\R4WCgDAfHB.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Users\user\Desktop\R4WCgDAfHB.exe"
                                    Imagebase:0x3b0000
                                    File size:422'352 bytes
                                    MD5 hash:8595A9CECBAC3BD363C30C7AB2BEC849
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:low
                                    Has exited:true

                                    General

                                    Target ID:1
                                    Start time:10:38:06
                                    Start date:12/10/2024
                                    Path:C:\Windows\SystemNvwmiShell\NvwmiShell.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Windows\SystemNvwmiShell\NvwmiShell.exe"
                                    Imagebase:0x880000
                                    File size:79'073'664 bytes
                                    MD5 hash:FC4FBC1A020E2DC3D073C666684B5C6A
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Antivirus matches:
                                    • Detection: 100%, Avira
                                    Reputation:low
                                    Has exited:true

                                    General

                                    Target ID:2
                                    Start time:10:38:07
                                    Start date:12/10/2024
                                    Path:C:\Windows\SystemNvwmiShell\NvwmiShell.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Windows\SystemNvwmiShell\NvwmiShell.exe
                                    Imagebase:0x880000
                                    File size:79'073'664 bytes
                                    MD5 hash:FC4FBC1A020E2DC3D073C666684B5C6A
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000002.00000003.2738458849.000000000275E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: Linux_Trojan_Pornoasset_927f314f, Description: unknown, Source: 00000002.00000003.2738458849.0000000002163000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                    Reputation:low
                                    Has exited:false

                                    General

                                    Target ID:7
                                    Start time:10:39:48
                                    Start date:12/10/2024
                                    Path:C:\Windows\SysWOW64\cmd.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Windows\System32\cmd.exe" /c netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=445 name="CloseSMB"
                                    Imagebase:0x240000
                                    File size:236'544 bytes
                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    General

                                    Target ID:8
                                    Start time:10:39:48
                                    Start date:12/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff7699e0000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    General

                                    Target ID:9
                                    Start time:10:39:48
                                    Start date:12/10/2024
                                    Path:C:\Windows\SysWOW64\netsh.exe
                                    Wow64 process (32bit):true
                                    Commandline:netsh advfirewall firewall add rule dir=in action=block protocol=tcp localport=445 name="CloseSMB"
                                    Imagebase:0x1560000
                                    File size:82'432 bytes
                                    MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    General

                                    Target ID:10
                                    Start time:10:39:52
                                    Start date:12/10/2024
                                    Path:C:\Program Files (x86)\Microsoft Network\HelpSystem.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Program Files (x86)\Microsoft Network\HelpSystem.exe" 1
                                    Imagebase:0x400000
                                    File size:89'349'120 bytes
                                    MD5 hash:34B640C3E7AE045FE1F156B755BB0BE7
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Antivirus matches:
                                    • Detection: 100%, Avira
                                    • Detection: 100%, Joe Sandbox ML
                                    Reputation:low
                                    Has exited:false

                                    General

                                    Target ID:11
                                    Start time:10:39:52
                                    Start date:12/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff7699e0000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:false

                                    General

                                    Target ID:12
                                    Start time:10:39:54
                                    Start date:12/10/2024
                                    Path:C:\Program Files (x86)\Microsoft Network\Network64.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Program Files (x86)\Microsoft Network\Network64.exe" Yde5fFJFjShqKS+u9okdyvP/pj9kg/bQNXV+USrRGaecQs8AdtikoR9wVLreBlqoPAFr/LRRDydtLzX5YzQgQ1GCivTcd3opL1Xfv4SzrZQOBZVgTwOiPgknymhzPAuX3kaHX0i00NQybzCyaJaj7nJOK0DHJVp09YDF1A==
                                    Imagebase:0x400000
                                    File size:97'341'952 bytes
                                    MD5 hash:A09B6784FF89670772817524BFE41A76
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000C.00000002.4141872839.00000000009EA000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                    • Rule: Linux_Trojan_Pornoasset_927f314f, Description: unknown, Source: 0000000C.00000001.2805127434.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Author: unknown
                                    • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000C.00000000.2804854911.00000000009EA000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                    • Rule: Linux_Trojan_Pornoasset_927f314f, Description: unknown, Source: 0000000C.00000002.4141120724.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Author: unknown
                                    • Rule: Linux_Trojan_Pornoasset_927f314f, Description: unknown, Source: 0000000C.00000000.2804283551.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Author: unknown
                                    Reputation:low
                                    Has exited:false

                                    General

                                    Target ID:13
                                    Start time:10:39:54
                                    Start date:12/10/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff7699e0000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:false

                                    Disassembly

                                    Reset < >

                                      Execution Graph

                                      Execution Coverage:5.5%
                                      Dynamic/Decrypted Code Coverage:0%
                                      Signature Coverage:2.4%
                                      Total number of Nodes:1779
                                      Total number of Limit Nodes:71
                                      execution_graph 14746 8819ba 14748 8819c2 14746->14748 14749 8819e4 14748->14749 14750 88ec5f 14748->14750 14751 88ec71 14750->14751 14752 88ed12 14750->14752 14754 88ec82 14751->14754 14760 88ed0a 14751->14760 14761 88ecce RtlAllocateHeap 14751->14761 14763 88ecfe 14751->14763 14766 88ed03 14751->14766 14814 88ec10 14751->14814 14822 892064 14751->14822 14753 892064 _malloc 6 API calls 14752->14753 14755 88ed18 14753->14755 14754->14751 14768 893c63 14754->14768 14777 893ab8 14754->14777 14811 88f29d 14754->14811 14757 88fa94 __mbsnbcpy_s_l 66 API calls 14755->14757 14757->14760 14760->14748 14761->14751 14825 88fa94 14763->14825 14767 88fa94 __mbsnbcpy_s_l 66 API calls 14766->14767 14767->14760 14828 899943 14768->14828 14771 893c77 14773 893ab8 __NMSG_WRITE 67 API calls 14771->14773 14775 893c99 14771->14775 14772 899943 __set_error_mode 67 API calls 14772->14771 14774 893c8f 14773->14774 14776 893ab8 __NMSG_WRITE 67 API calls 14774->14776 14775->14754 14776->14775 14778 893acc 14777->14778 14779 899943 __set_error_mode 64 API calls 14778->14779 14810 893c27 14778->14810 14780 893aee 14779->14780 14781 893c2c GetStdHandle 14780->14781 14783 899943 __set_error_mode 64 API calls 14780->14783 14782 893c3a _strlen 14781->14782 14781->14810 14786 893c53 WriteFile 14782->14786 14782->14810 14784 893aff 14783->14784 14784->14781 14785 893b11 14784->14785 14785->14810 14851 88f551 14785->14851 14786->14810 14789 893b47 GetModuleFileNameA 14790 893b65 14789->14790 14795 893b88 _strlen 14789->14795 14792 88f551 _strcpy_s 64 API calls 14790->14792 14794 893b75 14792->14794 14794->14795 14796 8953ab __invoke_watson 10 API calls 14794->14796 14806 893bcb 14795->14806 14867 891a9a 14795->14867 14796->14795 14800 893bef 14803 88fb5a _strcat_s 64 API calls 14800->14803 14802 8953ab __invoke_watson 10 API calls 14802->14800 14805 893c03 14803->14805 14804 8953ab __invoke_watson 10 API calls 14804->14806 14807 893c14 14805->14807 14809 8953ab __invoke_watson 10 API calls 14805->14809 14876 88fb5a 14806->14876 14885 8997da 14807->14885 14809->14807 14810->14754 14936 88f272 GetModuleHandleW 14811->14936 14815 88ec1c __mtinitlocknum 14814->14815 14816 88ec4d __mtinitlocknum 14815->14816 14940 892208 14815->14940 14816->14751 14818 88ec32 14947 892a4a 14818->14947 14823 893110 __decode_pointer 6 API calls 14822->14823 14824 892074 14823->14824 14824->14751 15043 8932e3 GetLastError 14825->15043 14827 88fa99 14827->14766 14829 899952 14828->14829 14830 88fa94 __mbsnbcpy_s_l 67 API calls 14829->14830 14833 893c6a 14829->14833 14831 899975 14830->14831 14834 8954d3 14831->14834 14833->14771 14833->14772 14837 893110 TlsGetValue 14834->14837 14836 8954e3 __invoke_watson 14838 893149 GetModuleHandleW 14837->14838 14839 893128 14837->14839 14840 893159 14838->14840 14841 893164 GetProcAddress 14838->14841 14839->14838 14842 893132 TlsGetValue 14839->14842 14847 88f219 14840->14847 14844 893141 14841->14844 14846 89313d 14842->14846 14844->14836 14846->14838 14846->14844 14848 88f224 Sleep GetModuleHandleW 14847->14848 14849 88f242 14848->14849 14850 88f246 14848->14850 14849->14848 14849->14850 14850->14841 14850->14844 14852 88f569 14851->14852 14853 88f562 14851->14853 14854 88fa94 __mbsnbcpy_s_l 67 API calls 14852->14854 14853->14852 14856 88f58f 14853->14856 14859 88f56e 14854->14859 14855 8954d3 __mbsnbcpy_s_l 6 API calls 14857 88f57d 14855->14857 14856->14857 14858 88fa94 __mbsnbcpy_s_l 67 API calls 14856->14858 14857->14789 14860 8953ab 14857->14860 14858->14859 14859->14855 14912 88fae0 14860->14912 14862 8953d8 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 14863 8954a8 __invoke_watson 14862->14863 14864 8954b4 GetCurrentProcess TerminateProcess 14862->14864 14863->14864 14914 88e5f7 14864->14914 14866 893b44 14866->14789 14871 891aac 14867->14871 14868 891ab0 14869 891ab5 14868->14869 14870 88fa94 __mbsnbcpy_s_l 67 API calls 14868->14870 14869->14804 14869->14806 14872 891acc 14870->14872 14871->14868 14871->14869 14874 891af6 14871->14874 14873 8954d3 __mbsnbcpy_s_l 6 API calls 14872->14873 14873->14869 14874->14869 14875 88fa94 __mbsnbcpy_s_l 67 API calls 14874->14875 14875->14872 14877 88fb6b 14876->14877 14878 88fb72 14876->14878 14877->14878 14882 88fba6 14877->14882 14879 88fa94 __mbsnbcpy_s_l 67 API calls 14878->14879 14884 88fb77 14879->14884 14880 8954d3 __mbsnbcpy_s_l 6 API calls 14881 88fb86 14880->14881 14881->14800 14881->14802 14882->14881 14883 88fa94 __mbsnbcpy_s_l 67 API calls 14882->14883 14883->14884 14884->14880 14923 893107 14885->14923 14888 899885 14896 893110 __decode_pointer 6 API calls 14888->14896 14908 8998af 14888->14908 14889 8997fd LoadLibraryA 14890 899927 14889->14890 14891 899812 GetProcAddress 14889->14891 14890->14810 14891->14890 14893 899828 14891->14893 14892 8998da 14894 893110 __decode_pointer 6 API calls 14892->14894 14926 893095 TlsGetValue 14893->14926 14894->14890 14895 893110 __decode_pointer 6 API calls 14905 8998f2 14895->14905 14898 8998a2 14896->14898 14900 893110 __decode_pointer 6 API calls 14898->14900 14900->14908 14901 893095 __encode_pointer 6 API calls 14902 899843 GetProcAddress 14901->14902 14903 893095 __encode_pointer 6 API calls 14902->14903 14904 899858 GetProcAddress 14903->14904 14906 893095 __encode_pointer 6 API calls 14904->14906 14905->14892 14907 893110 __decode_pointer 6 API calls 14905->14907 14909 89986d 14906->14909 14907->14892 14908->14892 14908->14895 14909->14888 14910 899877 GetProcAddress 14909->14910 14911 893095 __encode_pointer 6 API calls 14910->14911 14911->14888 14913 88faec __VEC_memzero 14912->14913 14913->14862 14913->14913 14915 88e5ff 14914->14915 14916 88e601 IsDebuggerPresent 14914->14916 14915->14866 14922 8995b0 14916->14922 14919 89201c SetUnhandledExceptionFilter UnhandledExceptionFilter 14920 892041 GetCurrentProcess TerminateProcess 14919->14920 14921 892039 __invoke_watson 14919->14921 14920->14866 14921->14920 14922->14919 14924 893095 __encode_pointer 6 API calls 14923->14924 14925 89310e 14924->14925 14925->14888 14925->14889 14927 8930ad 14926->14927 14928 8930ce GetModuleHandleW 14926->14928 14927->14928 14929 8930b7 TlsGetValue 14927->14929 14930 8930e9 GetProcAddress 14928->14930 14931 8930de 14928->14931 14934 8930c2 14929->14934 14933 8930c6 GetProcAddress 14930->14933 14932 88f219 __crt_waiting_on_module_handle 2 API calls 14931->14932 14935 8930e4 14932->14935 14933->14901 14934->14928 14934->14933 14935->14930 14935->14933 14937 88f29b ExitProcess 14936->14937 14938 88f286 GetProcAddress 14936->14938 14938->14937 14939 88f296 14938->14939 14939->14937 14941 89221d 14940->14941 14942 892230 EnterCriticalSection 14940->14942 14956 892145 14941->14956 14942->14818 14944 892223 14944->14942 14982 88f249 14944->14982 14950 892a78 14947->14950 14948 892b11 14952 88ec3d 14948->14952 15038 892661 14948->15038 14950->14948 14950->14952 15031 8925b1 14950->15031 14953 88ec56 14952->14953 15042 89212e LeaveCriticalSection 14953->15042 14955 88ec5d 14955->14816 14957 892151 __mtinitlocknum 14956->14957 14958 892177 14957->14958 14959 893c63 __FF_MSGBANNER 67 API calls 14957->14959 14964 892187 __mtinitlocknum 14958->14964 14989 893632 14958->14989 14960 892166 14959->14960 14962 893ab8 __NMSG_WRITE 67 API calls 14960->14962 14965 89216d 14962->14965 14963 892192 14966 892199 14963->14966 14967 8921a8 14963->14967 14964->14944 14968 88f29d __mtinitlocknum 3 API calls 14965->14968 14969 88fa94 __mbsnbcpy_s_l 67 API calls 14966->14969 14970 892208 __lock 67 API calls 14967->14970 14968->14958 14969->14964 14971 8921af 14970->14971 14972 8921e3 14971->14972 14973 8921b7 14971->14973 14975 88e821 __mtinitlocknum 67 API calls 14972->14975 14994 8958ac 14973->14994 14977 8921d4 14975->14977 14976 8921c2 14976->14977 14998 88e821 14976->14998 15011 8921ff 14977->15011 14980 8921ce 14981 88fa94 __mbsnbcpy_s_l 67 API calls 14980->14981 14981->14977 14983 893c63 __FF_MSGBANNER 67 API calls 14982->14983 14984 88f253 14983->14984 14985 893ab8 __NMSG_WRITE 67 API calls 14984->14985 14986 88f25b 14985->14986 14987 893110 __decode_pointer 6 API calls 14986->14987 14988 88f266 14987->14988 14988->14942 14991 89363b 14989->14991 14990 88ec5f _malloc 66 API calls 14990->14991 14991->14990 14992 893671 14991->14992 14993 893652 Sleep 14991->14993 14992->14963 14993->14991 15014 8912c0 14994->15014 14996 8958b8 InitializeCriticalSectionAndSpinCount 14997 8958fc __mtinitlocknum 14996->14997 14997->14976 15000 88e82d __mtinitlocknum 14998->15000 14999 88e8a6 __expand __mtinitlocknum 14999->14980 15000->14999 15001 88e86c 15000->15001 15003 892208 __lock 65 API calls 15000->15003 15001->14999 15002 88e881 HeapFree 15001->15002 15002->14999 15004 88e893 15002->15004 15007 88e844 ___sbh_find_block 15003->15007 15005 88fa94 __mbsnbcpy_s_l 65 API calls 15004->15005 15006 88e898 GetLastError 15005->15006 15006->14999 15010 88e85e 15007->15010 15015 89229b 15007->15015 15022 88e877 15010->15022 15030 89212e LeaveCriticalSection 15011->15030 15013 892206 15013->14964 15014->14996 15016 8922da 15015->15016 15017 89257c 15015->15017 15016->15017 15018 8924c6 VirtualFree 15016->15018 15017->15010 15019 89252a 15018->15019 15019->15017 15020 892539 VirtualFree HeapFree 15019->15020 15025 895910 15020->15025 15029 89212e LeaveCriticalSection 15022->15029 15024 88e87e 15024->15001 15027 895928 15025->15027 15026 895957 15026->15017 15027->15026 15028 89594f __VEC_memcpy 15027->15028 15028->15026 15029->15024 15030->15013 15032 8925f8 HeapAlloc 15031->15032 15033 8925c4 HeapReAlloc 15031->15033 15035 89261b VirtualAlloc 15032->15035 15037 8925e2 15032->15037 15034 8925e6 15033->15034 15033->15037 15034->15032 15036 892635 HeapFree 15035->15036 15035->15037 15036->15037 15037->14948 15039 892678 VirtualAlloc 15038->15039 15041 8926bf 15039->15041 15041->14952 15042->14955 15057 89318b TlsGetValue 15043->15057 15046 893350 SetLastError 15046->14827 15049 893110 __decode_pointer 6 API calls 15050 893328 15049->15050 15051 89332f 15050->15051 15052 893347 15050->15052 15068 8931fc 15051->15068 15053 88e821 __mtinitlocknum 64 API calls 15052->15053 15055 89334d 15053->15055 15055->15046 15056 893337 GetCurrentThreadId 15056->15046 15058 8931bb 15057->15058 15059 8931a0 15057->15059 15058->15046 15062 893677 15058->15062 15060 893110 __decode_pointer 6 API calls 15059->15060 15061 8931ab TlsSetValue 15060->15061 15061->15058 15065 893680 15062->15065 15064 89330e 15064->15046 15064->15049 15065->15064 15066 89369e Sleep 15065->15066 15086 899492 15065->15086 15067 8936b3 15066->15067 15067->15064 15067->15065 15103 8912c0 15068->15103 15070 893208 GetModuleHandleW 15071 893218 15070->15071 15072 89321e 15070->15072 15073 88f219 __crt_waiting_on_module_handle 2 API calls 15071->15073 15074 89325a 15072->15074 15075 893236 GetProcAddress GetProcAddress 15072->15075 15073->15072 15076 892208 __lock 63 API calls 15074->15076 15075->15074 15077 893279 InterlockedIncrement 15076->15077 15104 8932d1 15077->15104 15080 892208 __lock 63 API calls 15081 89329a 15080->15081 15107 898452 InterlockedIncrement 15081->15107 15083 8932b8 15119 8932da 15083->15119 15085 8932c5 __mtinitlocknum 15085->15056 15087 89949e __mtinitlocknum 15086->15087 15088 8994d5 _memset 15087->15088 15089 8994b6 15087->15089 15092 8994cb __mtinitlocknum 15088->15092 15094 899547 HeapAlloc 15088->15094 15095 892064 _malloc 6 API calls 15088->15095 15096 892208 __lock 66 API calls 15088->15096 15097 892a4a ___sbh_alloc_block 5 API calls 15088->15097 15099 89958e 15088->15099 15090 88fa94 __mbsnbcpy_s_l 66 API calls 15089->15090 15091 8994bb 15090->15091 15093 8954d3 __mbsnbcpy_s_l 6 API calls 15091->15093 15092->15065 15093->15092 15094->15088 15095->15088 15096->15088 15097->15088 15102 89212e LeaveCriticalSection 15099->15102 15101 899595 15101->15088 15102->15101 15103->15070 15122 89212e LeaveCriticalSection 15104->15122 15106 893293 15106->15080 15108 898470 InterlockedIncrement 15107->15108 15109 898473 15107->15109 15108->15109 15110 89847d InterlockedIncrement 15109->15110 15111 898480 15109->15111 15110->15111 15112 89848a InterlockedIncrement 15111->15112 15113 89848d 15111->15113 15112->15113 15114 898497 InterlockedIncrement 15113->15114 15115 89849a 15113->15115 15114->15115 15116 8984b3 InterlockedIncrement 15115->15116 15117 8984c3 InterlockedIncrement 15115->15117 15118 8984ce InterlockedIncrement 15115->15118 15116->15115 15117->15115 15118->15083 15123 89212e LeaveCriticalSection 15119->15123 15121 8932e1 15121->15085 15122->15106 15123->15121 15124 88665d 15125 88666d 15124->15125 15126 88667e 15124->15126 15125->15126 15128 88663b 15125->15128 15131 8865e2 15128->15131 15130 886648 ctype 15130->15126 15132 8865ef 15131->15132 15133 886602 15131->15133 15132->15133 15139 88642c 15132->15139 15135 886609 TlsFree 15133->15135 15136 886610 15133->15136 15135->15136 15137 88662e DeleteCriticalSection 15136->15137 15138 886617 GlobalHandle GlobalUnlock GlobalFree 15136->15138 15137->15130 15138->15137 15140 886445 15139->15140 15141 886487 EnterCriticalSection 15139->15141 15140->15141 15145 8864bc 15140->15145 15146 8860ac 15141->15146 15144 8864b2 TlsSetValue 15144->15145 15145->15132 15147 8860c0 15146->15147 15150 8860bc LeaveCriticalSection LocalFree 15146->15150 15148 8860cc 15147->15148 15152 8860d8 15147->15152 15157 88604d 15148->15157 15150->15144 15151 8860f2 15151->15150 15154 88604d ctype RaiseException 15151->15154 15152->15151 15153 88604d RaiseException ctype 15152->15153 15153->15152 15155 8860fe 15154->15155 15156 88604d ctype RaiseException 15155->15156 15156->15150 15158 886058 15157->15158 15159 88605d 15157->15159 15161 8847fb 15158->15161 15159->15150 15164 8914ac 15161->15164 15163 884816 15165 8914e1 RaiseException 15164->15165 15166 8914d5 15164->15166 15165->15163 15166->15165 15167 881740 15184 88226c 15167->15184 15169 88175b _realloc 15191 8816c0 15169->15191 15171 88195c ctype 15173 88e5f7 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 15171->15173 15172 8817aa 15172->15171 15174 881854 lstrlenA 15172->15174 15175 881979 15173->15175 15176 8818b3 15174->15176 15195 881310 15176->15195 15178 8818c2 15178->15171 15212 881440 15178->15212 15180 88192e 15181 881954 15180->15181 15182 881937 lstrlenA 15180->15182 15217 8814f0 15181->15217 15182->15181 15185 882276 15184->15185 15226 88272d GetModuleFileNameA 15185->15226 15187 88229b 15187->15169 15192 881719 15191->15192 15193 88e5f7 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 15192->15193 15194 881735 15193->15194 15194->15172 15196 881320 15195->15196 15197 881324 15195->15197 15196->15178 15198 881332 15197->15198 15199 881337 VirtualAlloc 15197->15199 15198->15178 15200 88136e GetProcessHeap HeapAlloc VirtualAlloc VirtualAlloc 15199->15200 15201 881356 VirtualAlloc 15199->15201 15203 8813c5 _realloc 15200->15203 15201->15200 15202 881423 15201->15202 15202->15178 15681 881000 15203->15681 15205 8813db 15687 8811f0 15205->15687 15207 8813f6 15208 881403 15207->15208 15699 8810b0 15207->15699 15210 8814f0 71 API calls 15208->15210 15211 88142a 15208->15211 15210->15202 15211->15178 15213 88145b 15212->15213 15214 881461 15212->15214 15213->15180 15216 8814ad 15214->15216 15744 89c231 15214->15744 15216->15180 15218 88157a 15217->15218 15223 8814f8 15217->15223 15218->15171 15219 881551 15220 88156a GetProcessHeap HeapFree 15219->15220 15221 88155c VirtualFree 15219->15221 15220->15218 15221->15220 15222 881547 15224 88e821 __mtinitlocknum 67 API calls 15222->15224 15223->15219 15223->15222 15225 88153c FreeLibrary 15223->15225 15224->15219 15225->15223 15227 88275f 15226->15227 15228 88278f 15226->15228 15227->15228 15229 882763 PathFindExtensionA 15227->15229 15231 88e5f7 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 15228->15231 15236 8824be 15229->15236 15232 882280 15231->15232 15232->15187 15233 882081 15232->15233 15544 88548b 15233->15544 15258 88f178 15236->15258 15238 8824cd GetModuleHandleA GetProcAddress 15239 8825bb GetModuleHandleA 15238->15239 15240 882516 ConvertDefaultLocale ConvertDefaultLocale GetProcAddress 15238->15240 15241 88262b GetModuleFileNameA 15239->15241 15242 8825c6 EnumResourceLanguagesA 15239->15242 15240->15241 15247 88257d ConvertDefaultLocale ConvertDefaultLocale 15240->15247 15244 88266e _memset 15241->15244 15257 882666 15241->15257 15242->15241 15243 8825ec ConvertDefaultLocale ConvertDefaultLocale 15242->15243 15243->15241 15259 881a78 15244->15259 15247->15241 15253 8826d2 15255 882711 15253->15255 15270 882175 15253->15270 15297 882247 15255->15297 15294 88f1fb 15257->15294 15258->15238 15260 881b2a 15259->15260 15261 881a9a GetModuleHandleA 15259->15261 15266 881b2f 15260->15266 15262 881aad 15261->15262 15263 881ab2 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 15261->15263 15264 8847fb ctype RaiseException 15262->15264 15265 881b20 15262->15265 15263->15262 15264->15263 15265->15260 15267 881b40 15266->15267 15268 881b44 15266->15268 15267->15253 15268->15267 15269 881b53 CreateActCtxA 15268->15269 15269->15267 15271 88219f 15270->15271 15272 8821b7 GetLocaleInfoA 15270->15272 15275 88f551 _strcpy_s 67 API calls 15271->15275 15273 8821b2 15272->15273 15274 882237 15272->15274 15276 88fa94 __mbsnbcpy_s_l 67 API calls 15273->15276 15279 88e5f7 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 15274->15279 15277 8821ac 15275->15277 15278 8821cf 15276->15278 15305 881f38 15277->15305 15281 88fa94 __mbsnbcpy_s_l 67 API calls 15278->15281 15282 882245 15279->15282 15283 8821d6 15281->15283 15282->15253 15302 88fa31 15283->15302 15286 88fa94 __mbsnbcpy_s_l 67 API calls 15287 882203 15286->15287 15288 882208 15287->15288 15289 882217 15287->15289 15290 88fa94 __mbsnbcpy_s_l 67 API calls 15288->15290 15291 88fa94 __mbsnbcpy_s_l 67 API calls 15289->15291 15292 88220d 15290->15292 15291->15292 15292->15274 15293 882228 LoadLibraryA 15292->15293 15293->15274 15295 88e5f7 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 15294->15295 15296 88f205 15295->15296 15296->15296 15298 882253 15297->15298 15299 882265 15297->15299 15298->15299 15540 881b96 15298->15540 15299->15257 15301 88225d ReleaseActCtx 15301->15299 15313 88f90c 15302->15313 15306 881f44 15305->15306 15308 881f49 15305->15308 15307 881f5d 15306->15307 15306->15308 15310 8914ac __CxxThrowException@8 RaiseException 15307->15310 15308->15273 15309 8914ac __CxxThrowException@8 RaiseException 15308->15309 15311 884816 15309->15311 15312 8847de 15310->15312 15314 88f93a 15313->15314 15315 88f91a 15313->15315 15317 88f948 15314->15317 15319 88f96f 15314->15319 15316 88fa94 __mbsnbcpy_s_l 67 API calls 15315->15316 15318 88f91f 15316->15318 15320 88fa94 __mbsnbcpy_s_l 67 API calls 15317->15320 15324 8821f9 15317->15324 15321 8954d3 __mbsnbcpy_s_l 6 API calls 15318->15321 15323 88fa94 __mbsnbcpy_s_l 67 API calls 15319->15323 15322 88f964 15320->15322 15321->15324 15326 8954d3 __mbsnbcpy_s_l 6 API calls 15322->15326 15325 88f974 15323->15325 15324->15286 15327 88f9af 15325->15327 15328 88f982 15325->15328 15326->15324 15329 88f79b __vsnprintf_helper 101 API calls 15327->15329 15343 88f79b 15328->15343 15331 88f9c0 15329->15331 15333 88f9e8 15331->15333 15335 88f9d2 15331->15335 15333->15324 15339 88fa94 __mbsnbcpy_s_l 67 API calls 15333->15339 15334 88f99c 15336 88fa94 __mbsnbcpy_s_l 67 API calls 15334->15336 15337 88fa94 __mbsnbcpy_s_l 67 API calls 15335->15337 15338 88f9a1 15336->15338 15340 88f9d7 15337->15340 15338->15324 15341 88fa94 __mbsnbcpy_s_l 67 API calls 15338->15341 15339->15322 15340->15324 15342 88fa94 __mbsnbcpy_s_l 67 API calls 15340->15342 15341->15324 15342->15324 15344 88f7cb 15343->15344 15345 88f7ab 15343->15345 15348 88f7db 15344->15348 15353 88f7f8 15344->15353 15346 88fa94 __mbsnbcpy_s_l 67 API calls 15345->15346 15347 88f7b0 15346->15347 15350 8954d3 __mbsnbcpy_s_l 6 API calls 15347->15350 15349 88fa94 __mbsnbcpy_s_l 67 API calls 15348->15349 15351 88f7e0 15349->15351 15354 88f7c0 15350->15354 15352 8954d3 __mbsnbcpy_s_l 6 API calls 15351->15352 15352->15354 15353->15354 15356 895c75 15353->15356 15354->15333 15354->15334 15377 89a882 15356->15377 15359 895c90 15361 88fa94 __mbsnbcpy_s_l 67 API calls 15359->15361 15360 895ca7 15362 895cab 15360->15362 15371 895cb8 __flsbuf 15360->15371 15370 895c95 15361->15370 15363 88fa94 __mbsnbcpy_s_l 67 API calls 15362->15363 15363->15370 15364 895da8 15366 89a544 __locking 101 API calls 15364->15366 15365 895d28 15367 895d3f 15365->15367 15372 895d5c 15365->15372 15366->15370 15395 89a544 15367->15395 15370->15354 15371->15370 15373 895d0e 15371->15373 15376 895d19 15371->15376 15383 89a669 15371->15383 15372->15370 15420 899cf8 15372->15420 15373->15376 15392 89a620 15373->15392 15376->15364 15376->15365 15378 895c85 15377->15378 15379 89a891 15377->15379 15378->15359 15378->15360 15380 88fa94 __mbsnbcpy_s_l 67 API calls 15379->15380 15381 89a896 15380->15381 15382 8954d3 __mbsnbcpy_s_l 6 API calls 15381->15382 15382->15378 15384 89a685 15383->15384 15385 89a676 15383->15385 15387 88fa94 __mbsnbcpy_s_l 67 API calls 15384->15387 15390 89a6a9 15384->15390 15386 88fa94 __mbsnbcpy_s_l 67 API calls 15385->15386 15388 89a67b 15386->15388 15389 89a699 15387->15389 15388->15373 15391 8954d3 __mbsnbcpy_s_l 6 API calls 15389->15391 15390->15373 15391->15390 15393 893632 __malloc_crt 67 API calls 15392->15393 15394 89a635 15393->15394 15394->15376 15396 89a550 __mtinitlocknum 15395->15396 15397 89a558 15396->15397 15398 89a573 15396->15398 15452 88faa7 15397->15452 15400 89a581 15398->15400 15403 89a5c2 15398->15403 15402 88faa7 __commit 67 API calls 15400->15402 15405 89a586 15402->15405 15455 89bb68 15403->15455 15404 88fa94 __mbsnbcpy_s_l 67 API calls 15413 89a565 __mtinitlocknum 15404->15413 15407 88fa94 __mbsnbcpy_s_l 67 API calls 15405->15407 15409 89a58d 15407->15409 15408 89a5c8 15411 89a5eb 15408->15411 15412 89a5d5 15408->15412 15410 8954d3 __mbsnbcpy_s_l 6 API calls 15409->15410 15410->15413 15415 88fa94 __mbsnbcpy_s_l 67 API calls 15411->15415 15465 899e11 15412->15465 15413->15370 15417 89a5f0 15415->15417 15416 89a5e3 15524 89a616 15416->15524 15418 88faa7 __commit 67 API calls 15417->15418 15418->15416 15421 899d04 __mtinitlocknum 15420->15421 15422 899d31 15421->15422 15423 899d15 15421->15423 15425 899d3f 15422->15425 15427 899d60 15422->15427 15424 88faa7 __commit 67 API calls 15423->15424 15426 899d1a 15424->15426 15428 88faa7 __commit 67 API calls 15425->15428 15431 88fa94 __mbsnbcpy_s_l 67 API calls 15426->15431 15429 899d80 15427->15429 15430 899da6 15427->15430 15432 899d44 15428->15432 15433 88faa7 __commit 67 API calls 15429->15433 15434 89bb68 ___lock_fhandle 68 API calls 15430->15434 15445 899d22 __mtinitlocknum 15431->15445 15435 88fa94 __mbsnbcpy_s_l 67 API calls 15432->15435 15436 899d85 15433->15436 15437 899dac 15434->15437 15438 899d4b 15435->15438 15440 88fa94 __mbsnbcpy_s_l 67 API calls 15436->15440 15441 899db9 15437->15441 15442 899dd5 15437->15442 15439 8954d3 __mbsnbcpy_s_l 6 API calls 15438->15439 15439->15445 15444 899d8c 15440->15444 15527 899c73 15441->15527 15443 88fa94 __mbsnbcpy_s_l 67 API calls 15442->15443 15447 899dda 15443->15447 15448 8954d3 __mbsnbcpy_s_l 6 API calls 15444->15448 15445->15370 15450 88faa7 __commit 67 API calls 15447->15450 15448->15445 15449 899dca 15537 899e07 15449->15537 15450->15449 15453 8932e3 __getptd_noexit 67 API calls 15452->15453 15454 88faac 15453->15454 15454->15404 15456 89bb74 __mtinitlocknum 15455->15456 15457 89bbcf 15456->15457 15460 892208 __lock 67 API calls 15456->15460 15458 89bbf1 __mtinitlocknum 15457->15458 15459 89bbd4 EnterCriticalSection 15457->15459 15458->15408 15459->15458 15461 89bba0 15460->15461 15462 89bbb7 15461->15462 15464 8958ac __mtinitlocknum InitializeCriticalSectionAndSpinCount 15461->15464 15463 89bbff ___lock_fhandle LeaveCriticalSection 15462->15463 15463->15457 15464->15462 15466 899e20 __write_nolock 15465->15466 15467 899e79 15466->15467 15468 899e52 15466->15468 15497 899e47 15466->15497 15471 899ee1 15467->15471 15472 899ebb 15467->15472 15470 88faa7 __commit 67 API calls 15468->15470 15469 88e5f7 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 15473 89a542 15469->15473 15474 899e57 15470->15474 15476 899ef5 15471->15476 15481 899c73 __lseeki64_nolock 69 API calls 15471->15481 15475 88faa7 __commit 67 API calls 15472->15475 15473->15416 15477 88fa94 __mbsnbcpy_s_l 67 API calls 15474->15477 15480 899ec0 15475->15480 15479 89a669 __flsbuf 67 API calls 15476->15479 15478 899e5e 15477->15478 15482 8954d3 __mbsnbcpy_s_l 6 API calls 15478->15482 15483 899f00 15479->15483 15484 88fa94 __mbsnbcpy_s_l 67 API calls 15480->15484 15481->15476 15482->15497 15485 89a1a6 15483->15485 15490 89335c __getptd 67 API calls 15483->15490 15486 899ec9 15484->15486 15488 89a475 WriteFile 15485->15488 15489 89a1b6 15485->15489 15487 8954d3 __mbsnbcpy_s_l 6 API calls 15486->15487 15487->15497 15493 89a4a8 GetLastError 15488->15493 15494 89a188 15488->15494 15491 89a294 15489->15491 15513 89a1ca 15489->15513 15492 899f1b GetConsoleMode 15490->15492 15512 89a374 15491->15512 15517 89a2a3 15491->15517 15492->15485 15496 899f46 15492->15496 15493->15494 15495 89a4f3 15494->15495 15494->15497 15499 89a4c6 15494->15499 15495->15497 15500 88fa94 __mbsnbcpy_s_l 67 API calls 15495->15500 15496->15485 15498 899f58 GetConsoleCP 15496->15498 15497->15469 15498->15494 15521 899f7b 15498->15521 15503 89a4d1 15499->15503 15504 89a4e5 15499->15504 15501 89a516 15500->15501 15506 88faa7 __commit 67 API calls 15501->15506 15502 89a3da WideCharToMultiByte 15502->15493 15508 89a411 WriteFile 15502->15508 15507 88fa94 __mbsnbcpy_s_l 67 API calls 15503->15507 15510 88faba __dosmaperr 67 API calls 15504->15510 15505 89a238 WriteFile 15505->15493 15505->15513 15506->15497 15514 89a4d6 15507->15514 15511 89a448 GetLastError 15508->15511 15508->15512 15509 89a318 WriteFile 15509->15493 15509->15517 15510->15497 15511->15512 15512->15494 15512->15495 15512->15502 15512->15508 15513->15494 15513->15495 15513->15505 15516 88faa7 __commit 67 API calls 15514->15516 15515 89aa8b __write_nolock 77 API calls 15515->15521 15516->15497 15517->15494 15517->15495 15517->15509 15518 89b447 79 API calls __fassign 15518->15521 15519 89a027 WideCharToMultiByte 15519->15494 15520 89a058 WriteFile 15519->15520 15520->15493 15520->15521 15521->15493 15521->15494 15521->15515 15521->15518 15521->15519 15522 89bc2f 11 API calls __putwch_nolock 15521->15522 15523 89a0ac WriteFile 15521->15523 15522->15521 15523->15493 15523->15521 15525 89bc08 __unlock_fhandle LeaveCriticalSection 15524->15525 15526 89a61e 15525->15526 15526->15413 15528 89baf1 __commit 67 API calls 15527->15528 15529 899c91 15528->15529 15530 899c99 15529->15530 15531 899caa SetFilePointer 15529->15531 15533 88fa94 __mbsnbcpy_s_l 67 API calls 15530->15533 15532 899cc2 GetLastError 15531->15532 15534 899c9e 15531->15534 15532->15534 15535 899ccc 15532->15535 15533->15534 15534->15449 15536 88faba __dosmaperr 67 API calls 15535->15536 15536->15534 15538 89bc08 __unlock_fhandle LeaveCriticalSection 15537->15538 15539 899e0f 15538->15539 15539->15445 15541 881bb9 15540->15541 15542 881ba0 15540->15542 15541->15301 15542->15541 15543 881ba7 DeactivateActCtx 15542->15543 15543->15301 15549 88651f 15544->15549 15546 88549a 15547 88208b InterlockedExchange 15546->15547 15560 885fb0 15546->15560 15547->15187 15550 88652b __EH_prolog3 15549->15550 15551 8847fb ctype RaiseException 15550->15551 15552 886579 15550->15552 15566 886235 TlsAlloc 15550->15566 15570 88611d EnterCriticalSection 15550->15570 15551->15550 15585 885f44 EnterCriticalSection 15552->15585 15557 88659f ctype 15557->15546 15558 88658c 15592 8862dc 15558->15592 15561 885fbc __EH_prolog3_catch 15560->15561 15562 885fe5 ctype 15561->15562 15664 88b9e8 15561->15664 15562->15546 15564 885fcb 15674 88ba5a 15564->15674 15567 886261 15566->15567 15568 886266 InitializeCriticalSection 15566->15568 15616 8847c3 15567->15616 15568->15550 15571 886140 15570->15571 15572 8861ff _memset 15571->15572 15574 886179 15571->15574 15575 88618e GlobalHandle GlobalUnlock 15571->15575 15573 886216 LeaveCriticalSection 15572->15573 15573->15550 15619 886067 15574->15619 15577 886067 ctype 80 API calls 15575->15577 15579 8861ac GlobalReAlloc 15577->15579 15580 8861b8 15579->15580 15581 8861df GlobalLock 15580->15581 15582 8861d1 LeaveCriticalSection 15580->15582 15583 8861c3 GlobalHandle GlobalLock 15580->15583 15581->15572 15584 8847c3 ctype RaiseException 15582->15584 15583->15582 15584->15581 15586 885f5f 15585->15586 15587 885f86 LeaveCriticalSection 15585->15587 15586->15587 15588 885f64 TlsGetValue 15586->15588 15589 885f8f 15587->15589 15588->15587 15590 885f70 15588->15590 15589->15557 15589->15558 15590->15587 15591 885f75 LeaveCriticalSection 15590->15591 15591->15589 15656 88f142 15592->15656 15594 8862e8 EnterCriticalSection 15595 886307 15594->15595 15602 8863eb LeaveCriticalSection 15594->15602 15597 886310 TlsGetValue 15595->15597 15595->15602 15599 88634e 15597->15599 15603 88631e 15597->15603 15598 88640e ctype 15598->15557 15657 885f11 LocalAlloc 15599->15657 15602->15598 15603->15602 15604 886338 15603->15604 15605 886393 15603->15605 15607 886067 ctype 80 API calls 15604->15607 15606 886067 ctype 80 API calls 15605->15606 15610 88639f LocalReAlloc 15606->15610 15608 886342 LocalAlloc 15607->15608 15611 8863ab 15608->15611 15610->15611 15612 8863bd _memset 15611->15612 15613 8863af LeaveCriticalSection 15611->15613 15615 8863d6 TlsSetValue 15612->15615 15614 8847c3 ctype RaiseException 15613->15614 15614->15612 15615->15602 15617 8914ac __CxxThrowException@8 RaiseException 15616->15617 15618 8847de 15617->15618 15620 88607c ctype 15619->15620 15621 886089 GlobalAlloc 15620->15621 15623 881f64 15620->15623 15621->15580 15624 881f72 15623->15624 15625 881f77 15623->15625 15626 8847c3 ctype RaiseException 15624->15626 15631 8866a4 15625->15631 15626->15625 15628 881fb8 15628->15621 15629 881f7f 15629->15628 15630 881f64 ctype 80 API calls 15629->15630 15630->15629 15632 8866b0 __EH_prolog3 15631->15632 15642 8819ba 15632->15642 15634 8866b7 ctype 15635 8914ac __CxxThrowException@8 RaiseException 15634->15635 15636 8866e6 FormatMessageA 15635->15636 15638 88671f 15636->15638 15639 886716 15636->15639 15646 884817 15638->15646 15639->15629 15644 8819c2 15642->15644 15643 88ec5f _malloc 67 API calls 15643->15644 15644->15643 15645 8819e4 15644->15645 15645->15634 15653 8914f8 15646->15653 15649 881f38 ctype RaiseException 15650 88482e 15649->15650 15651 881f38 ctype RaiseException 15650->15651 15652 884833 LocalFree 15651->15652 15652->15639 15654 8978df __mbsnbcpy_s_l 77 API calls 15653->15654 15655 88482d 15654->15655 15655->15649 15656->15594 15658 885f2a 15657->15658 15659 885f25 15657->15659 15661 88608e 15658->15661 15660 8847c3 ctype RaiseException 15659->15660 15660->15658 15662 88604d ctype RaiseException 15661->15662 15663 8860a0 15662->15663 15663->15603 15665 88b9f8 15664->15665 15666 88b9fd 15664->15666 15667 8847fb ctype RaiseException 15665->15667 15668 88ba0b 15666->15668 15678 88b97f 15666->15678 15667->15666 15670 88ba1d EnterCriticalSection 15668->15670 15671 88ba47 EnterCriticalSection 15668->15671 15672 88ba29 InitializeCriticalSection 15670->15672 15673 88ba3c LeaveCriticalSection 15670->15673 15671->15564 15672->15673 15673->15671 15675 88ba6c LeaveCriticalSection 15674->15675 15676 88ba67 15674->15676 15675->15562 15677 8847fb ctype RaiseException 15676->15677 15677->15675 15679 88b988 InitializeCriticalSection 15678->15679 15680 88b99d 15678->15680 15679->15680 15680->15668 15682 881028 _realloc 15681->15682 15685 8810a5 15681->15685 15683 881062 VirtualAlloc 15682->15683 15684 881044 VirtualAlloc 15682->15684 15682->15685 15683->15682 15686 881060 _memset 15684->15686 15685->15205 15686->15682 15688 88120f IsBadReadPtr 15687->15688 15689 8812f0 15687->15689 15690 8812e8 15688->15690 15691 881229 15688->15691 15689->15207 15690->15207 15692 88123b LoadLibraryA 15691->15692 15693 8812f7 15691->15693 15694 88124e 15692->15694 15695 8812e0 15692->15695 15693->15207 15694->15691 15694->15695 15697 8812bb IsBadReadPtr 15694->15697 15698 8812a0 GetProcAddress 15694->15698 15704 88e606 15694->15704 15695->15207 15697->15693 15697->15694 15698->15694 15698->15695 15701 881163 15699->15701 15702 8810cf 15699->15702 15700 8810f2 VirtualFree 15700->15702 15701->15208 15702->15700 15702->15701 15703 88113c VirtualProtect 15702->15703 15703->15702 15705 88e612 __mtinitlocknum 15704->15705 15706 88e619 15705->15706 15707 88e627 15705->15707 15708 88ec5f _malloc 67 API calls 15706->15708 15709 88e63a 15707->15709 15710 88e62e 15707->15710 15725 88e621 __expand __mtinitlocknum 15708->15725 15717 88e7ac 15709->15717 15738 88e647 ___sbh_resize_block _realloc ___sbh_find_block 15709->15738 15711 88e821 __mtinitlocknum 67 API calls 15710->15711 15711->15725 15712 88e7df 15713 892064 _malloc 6 API calls 15712->15713 15716 88e7e5 15713->15716 15714 892208 __lock 67 API calls 15714->15738 15715 88e7b1 HeapReAlloc 15715->15717 15715->15725 15718 88fa94 __mbsnbcpy_s_l 67 API calls 15716->15718 15717->15712 15717->15715 15719 88e803 15717->15719 15720 892064 _malloc 6 API calls 15717->15720 15722 88e7f9 15717->15722 15718->15725 15721 88fa94 __mbsnbcpy_s_l 67 API calls 15719->15721 15719->15725 15720->15717 15723 88e80c GetLastError 15721->15723 15726 88fa94 __mbsnbcpy_s_l 67 API calls 15722->15726 15723->15725 15725->15694 15728 88e77a 15726->15728 15727 88e6d2 HeapAlloc 15727->15738 15728->15725 15730 88e77f GetLastError 15728->15730 15729 88e727 HeapReAlloc 15729->15738 15730->15725 15731 892a4a ___sbh_alloc_block 5 API calls 15731->15738 15732 88e792 15732->15725 15734 88fa94 __mbsnbcpy_s_l 67 API calls 15732->15734 15733 892064 _malloc 6 API calls 15733->15738 15735 88e79f 15734->15735 15735->15723 15735->15725 15736 88e775 15737 88fa94 __mbsnbcpy_s_l 67 API calls 15736->15737 15737->15728 15738->15712 15738->15714 15738->15725 15738->15727 15738->15729 15738->15731 15738->15732 15738->15733 15738->15736 15739 89229b VirtualFree VirtualFree HeapFree __VEC_memcpy ___sbh_free_block 15738->15739 15740 88e74a 15738->15740 15739->15738 15743 89212e LeaveCriticalSection 15740->15743 15742 88e751 15742->15738 15743->15742 15745 89c241 15744->15745 15749 89c26a 15744->15749 15746 89c246 15745->15746 15745->15749 15748 88fa94 __mbsnbcpy_s_l 67 API calls 15746->15748 15751 89c24b 15748->15751 15753 89c15c 15749->15753 15750 89c25b 15750->15214 15752 8954d3 __mbsnbcpy_s_l 6 API calls 15751->15752 15752->15750 15768 89156b 15753->15768 15756 89c1a5 15759 89c1ad 15756->15759 15767 89c1d8 15756->15767 15757 89c177 15758 88fa94 __mbsnbcpy_s_l 67 API calls 15757->15758 15760 89c17c 15758->15760 15761 88fa94 __mbsnbcpy_s_l 67 API calls 15759->15761 15762 8954d3 __mbsnbcpy_s_l 6 API calls 15760->15762 15763 89c1b2 15761->15763 15765 89c18c ___ascii_stricmp 15762->15765 15764 8954d3 __mbsnbcpy_s_l 6 API calls 15763->15764 15764->15765 15765->15750 15766 89b461 102 API calls __tolower_l 15766->15767 15767->15765 15767->15766 15769 89157e 15768->15769 15775 8915cb 15768->15775 15776 89335c 15769->15776 15772 8915ab 15772->15775 15796 897e4c 15772->15796 15775->15756 15775->15757 15777 8932e3 __getptd_noexit 67 API calls 15776->15777 15778 893364 15777->15778 15779 891583 15778->15779 15780 88f249 __amsg_exit 67 API calls 15778->15780 15779->15772 15781 8985b8 15779->15781 15780->15779 15782 8985c4 __mtinitlocknum 15781->15782 15783 89335c __getptd 67 API calls 15782->15783 15784 8985c9 15783->15784 15785 8985f7 15784->15785 15786 8985db 15784->15786 15787 892208 __lock 67 API calls 15785->15787 15788 89335c __getptd 67 API calls 15786->15788 15789 8985fe 15787->15789 15790 8985e0 15788->15790 15812 89857a 15789->15812 15794 8985ee __mtinitlocknum 15790->15794 15795 88f249 __amsg_exit 67 API calls 15790->15795 15794->15772 15795->15794 15797 897e58 __mtinitlocknum 15796->15797 15798 89335c __getptd 67 API calls 15797->15798 15799 897e5d 15798->15799 15800 892208 __lock 67 API calls 15799->15800 15801 897e6f 15799->15801 15802 897e8d 15800->15802 15804 897e7d __mtinitlocknum 15801->15804 15808 88f249 __amsg_exit 67 API calls 15801->15808 15803 897ed6 15802->15803 15805 897ebe InterlockedIncrement 15802->15805 15806 897ea4 InterlockedDecrement 15802->15806 15980 897ee7 15803->15980 15804->15775 15805->15803 15806->15805 15809 897eaf 15806->15809 15808->15804 15809->15805 15810 88e821 __mtinitlocknum 67 API calls 15809->15810 15811 897ebd 15810->15811 15811->15805 15813 89857e 15812->15813 15814 8985b0 15812->15814 15813->15814 15815 898452 ___addlocaleref 8 API calls 15813->15815 15820 898622 15814->15820 15816 898591 15815->15816 15816->15814 15823 8984e1 15816->15823 15979 89212e LeaveCriticalSection 15820->15979 15822 898629 15822->15790 15824 8984f2 InterlockedDecrement 15823->15824 15825 898575 15823->15825 15826 89850a 15824->15826 15827 898507 InterlockedDecrement 15824->15827 15825->15814 15837 898309 15825->15837 15828 898514 InterlockedDecrement 15826->15828 15829 898517 15826->15829 15827->15826 15828->15829 15830 898521 InterlockedDecrement 15829->15830 15831 898524 15829->15831 15830->15831 15832 89852e InterlockedDecrement 15831->15832 15834 898531 15831->15834 15832->15834 15833 89854a InterlockedDecrement 15833->15834 15834->15833 15835 89855a InterlockedDecrement 15834->15835 15836 898565 InterlockedDecrement 15834->15836 15835->15834 15836->15825 15838 89838d 15837->15838 15840 898320 15837->15840 15839 8983da 15838->15839 15841 88e821 __mtinitlocknum 67 API calls 15838->15841 15856 898401 15839->15856 15891 89b084 15839->15891 15840->15838 15842 898354 15840->15842 15851 88e821 __mtinitlocknum 67 API calls 15840->15851 15844 8983ae 15841->15844 15845 898375 15842->15845 15853 88e821 __mtinitlocknum 67 API calls 15842->15853 15846 88e821 __mtinitlocknum 67 API calls 15844->15846 15849 88e821 __mtinitlocknum 67 API calls 15845->15849 15848 8983c1 15846->15848 15855 88e821 __mtinitlocknum 67 API calls 15848->15855 15857 898382 15849->15857 15850 898446 15858 88e821 __mtinitlocknum 67 API calls 15850->15858 15859 898349 15851->15859 15852 88e821 __mtinitlocknum 67 API calls 15852->15856 15860 89836a 15853->15860 15854 88e821 67 API calls __mtinitlocknum 15854->15856 15861 8983cf 15855->15861 15856->15850 15856->15854 15862 88e821 __mtinitlocknum 67 API calls 15857->15862 15863 89844c 15858->15863 15867 89b25e 15859->15867 15883 89b219 15860->15883 15866 88e821 __mtinitlocknum 67 API calls 15861->15866 15862->15838 15863->15814 15866->15839 15868 89b26b 15867->15868 15882 89b2e8 15867->15882 15869 89b27c 15868->15869 15870 88e821 __mtinitlocknum 67 API calls 15868->15870 15871 89b28e 15869->15871 15872 88e821 __mtinitlocknum 67 API calls 15869->15872 15870->15869 15873 89b2a0 15871->15873 15874 88e821 __mtinitlocknum 67 API calls 15871->15874 15872->15871 15875 89b2b2 15873->15875 15876 88e821 __mtinitlocknum 67 API calls 15873->15876 15874->15873 15877 89b2c4 15875->15877 15878 88e821 __mtinitlocknum 67 API calls 15875->15878 15876->15875 15879 89b2d6 15877->15879 15880 88e821 __mtinitlocknum 67 API calls 15877->15880 15878->15877 15881 88e821 __mtinitlocknum 67 API calls 15879->15881 15879->15882 15880->15879 15881->15882 15882->15842 15884 89b226 15883->15884 15890 89b25a 15883->15890 15885 89b236 15884->15885 15886 88e821 __mtinitlocknum 67 API calls 15884->15886 15887 88e821 __mtinitlocknum 67 API calls 15885->15887 15888 89b248 15885->15888 15886->15885 15887->15888 15889 88e821 __mtinitlocknum 67 API calls 15888->15889 15888->15890 15889->15890 15890->15845 15892 89b095 15891->15892 15978 8983fa 15891->15978 15893 88e821 __mtinitlocknum 67 API calls 15892->15893 15894 89b09d 15893->15894 15895 88e821 __mtinitlocknum 67 API calls 15894->15895 15896 89b0a5 15895->15896 15897 88e821 __mtinitlocknum 67 API calls 15896->15897 15898 89b0ad 15897->15898 15899 88e821 __mtinitlocknum 67 API calls 15898->15899 15900 89b0b5 15899->15900 15901 88e821 __mtinitlocknum 67 API calls 15900->15901 15902 89b0bd 15901->15902 15903 88e821 __mtinitlocknum 67 API calls 15902->15903 15904 89b0c5 15903->15904 15905 88e821 __mtinitlocknum 67 API calls 15904->15905 15906 89b0cc 15905->15906 15907 88e821 __mtinitlocknum 67 API calls 15906->15907 15908 89b0d4 15907->15908 15909 88e821 __mtinitlocknum 67 API calls 15908->15909 15910 89b0dc 15909->15910 15911 88e821 __mtinitlocknum 67 API calls 15910->15911 15912 89b0e4 15911->15912 15913 88e821 __mtinitlocknum 67 API calls 15912->15913 15914 89b0ec 15913->15914 15915 88e821 __mtinitlocknum 67 API calls 15914->15915 15916 89b0f4 15915->15916 15917 88e821 __mtinitlocknum 67 API calls 15916->15917 15918 89b0fc 15917->15918 15919 88e821 __mtinitlocknum 67 API calls 15918->15919 15920 89b104 15919->15920 15921 88e821 __mtinitlocknum 67 API calls 15920->15921 15922 89b10c 15921->15922 15923 88e821 __mtinitlocknum 67 API calls 15922->15923 15924 89b114 15923->15924 15925 88e821 __mtinitlocknum 67 API calls 15924->15925 15926 89b11f 15925->15926 15927 88e821 __mtinitlocknum 67 API calls 15926->15927 15928 89b127 15927->15928 15929 88e821 __mtinitlocknum 67 API calls 15928->15929 15930 89b12f 15929->15930 15931 88e821 __mtinitlocknum 67 API calls 15930->15931 15932 89b137 15931->15932 15933 88e821 __mtinitlocknum 67 API calls 15932->15933 15934 89b13f 15933->15934 15935 88e821 __mtinitlocknum 67 API calls 15934->15935 15936 89b147 15935->15936 15937 88e821 __mtinitlocknum 67 API calls 15936->15937 15938 89b14f 15937->15938 15939 88e821 __mtinitlocknum 67 API calls 15938->15939 15940 89b157 15939->15940 15941 88e821 __mtinitlocknum 67 API calls 15940->15941 15942 89b15f 15941->15942 15943 88e821 __mtinitlocknum 67 API calls 15942->15943 15944 89b167 15943->15944 15945 88e821 __mtinitlocknum 67 API calls 15944->15945 15946 89b16f 15945->15946 15947 88e821 __mtinitlocknum 67 API calls 15946->15947 15948 89b177 15947->15948 15949 88e821 __mtinitlocknum 67 API calls 15948->15949 15950 89b17f 15949->15950 15951 88e821 __mtinitlocknum 67 API calls 15950->15951 15952 89b187 15951->15952 15953 88e821 __mtinitlocknum 67 API calls 15952->15953 15954 89b18f 15953->15954 15955 88e821 __mtinitlocknum 67 API calls 15954->15955 15956 89b197 15955->15956 15957 88e821 __mtinitlocknum 67 API calls 15956->15957 15958 89b1a5 15957->15958 15959 88e821 __mtinitlocknum 67 API calls 15958->15959 15960 89b1b0 15959->15960 15961 88e821 __mtinitlocknum 67 API calls 15960->15961 15962 89b1bb 15961->15962 15963 88e821 __mtinitlocknum 67 API calls 15962->15963 15964 89b1c6 15963->15964 15965 88e821 __mtinitlocknum 67 API calls 15964->15965 15966 89b1d1 15965->15966 15967 88e821 __mtinitlocknum 67 API calls 15966->15967 15968 89b1dc 15967->15968 15969 88e821 __mtinitlocknum 67 API calls 15968->15969 15970 89b1e7 15969->15970 15971 88e821 __mtinitlocknum 67 API calls 15970->15971 15972 89b1f2 15971->15972 15973 88e821 __mtinitlocknum 67 API calls 15972->15973 15974 89b1fd 15973->15974 15975 88e821 __mtinitlocknum 67 API calls 15974->15975 15976 89b208 15975->15976 15977 88e821 __mtinitlocknum 67 API calls 15976->15977 15977->15978 15978->15852 15979->15822 15983 89212e LeaveCriticalSection 15980->15983 15982 897eee 15982->15801 15983->15982 15984 88bbf2 8 API calls 15985 89f5d2 15990 89eb51 15985->15990 15991 88548b ctype 110 API calls 15990->15991 15992 89eb5b 15991->15992 15993 89eb6c 15992->15993 15998 898151 15992->15998 15995 88e9d6 15993->15995 16195 88e99a 15995->16195 15997 88e9e3 15999 89815d __mtinitlocknum 15998->15999 16000 89335c __getptd 67 API calls 15999->16000 16001 898166 16000->16001 16002 897e4c __setmbcp 69 API calls 16001->16002 16003 898170 16002->16003 16029 897ef0 16003->16029 16006 893632 __malloc_crt 67 API calls 16007 898191 16006->16007 16008 8982b0 __mtinitlocknum 16007->16008 16036 897f6c 16007->16036 16008->15993 16011 8982bd 16011->16008 16015 8982d0 16011->16015 16017 88e821 __mtinitlocknum 67 API calls 16011->16017 16012 8981c1 InterlockedDecrement 16013 8981d1 16012->16013 16014 8981e2 InterlockedIncrement 16012->16014 16013->16014 16019 88e821 __mtinitlocknum 67 API calls 16013->16019 16014->16008 16016 8981f8 16014->16016 16018 88fa94 __mbsnbcpy_s_l 67 API calls 16015->16018 16016->16008 16021 892208 __lock 67 API calls 16016->16021 16017->16015 16018->16008 16020 8981e1 16019->16020 16020->16014 16023 89820c InterlockedDecrement 16021->16023 16024 898288 16023->16024 16025 89829b InterlockedIncrement 16023->16025 16024->16025 16027 88e821 __mtinitlocknum 67 API calls 16024->16027 16046 8982b2 16025->16046 16028 89829a 16027->16028 16028->16025 16030 89156b _LocaleUpdate::_LocaleUpdate 77 API calls 16029->16030 16031 897f04 16030->16031 16032 897f2d 16031->16032 16033 897f0f GetOEMCP 16031->16033 16034 897f32 GetACP 16032->16034 16035 897f1f 16032->16035 16033->16035 16034->16035 16035->16006 16035->16008 16037 897ef0 getSystemCP 79 API calls 16036->16037 16038 897f8c 16037->16038 16039 897f97 setSBCS 16038->16039 16041 897fdb IsValidCodePage 16038->16041 16044 898000 _memset __setmbcp_nolock 16038->16044 16040 88e5f7 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 16039->16040 16042 89814f 16040->16042 16041->16039 16043 897fed GetCPInfo 16041->16043 16042->16011 16042->16012 16043->16039 16043->16044 16049 897cb9 GetCPInfo 16044->16049 16194 89212e LeaveCriticalSection 16046->16194 16048 8982b9 16048->16008 16050 897d9f 16049->16050 16051 897ced _memset 16049->16051 16055 88e5f7 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 16050->16055 16059 89b042 16051->16059 16057 897e4a 16055->16057 16057->16044 16058 89ae43 ___crtLCMapStringA 102 API calls 16058->16050 16060 89156b _LocaleUpdate::_LocaleUpdate 77 API calls 16059->16060 16061 89b055 16060->16061 16069 89ae88 16061->16069 16064 89ae43 16065 89156b _LocaleUpdate::_LocaleUpdate 77 API calls 16064->16065 16066 89ae56 16065->16066 16147 89aa9e 16066->16147 16070 89aea9 GetStringTypeW 16069->16070 16071 89aed4 16069->16071 16073 89aec9 GetLastError 16070->16073 16074 89aec1 16070->16074 16072 89afbb 16071->16072 16071->16074 16097 89bf26 GetLocaleInfoA 16072->16097 16073->16071 16075 89af0d MultiByteToWideChar 16074->16075 16085 89afb5 16074->16085 16078 89af3a 16075->16078 16075->16085 16077 88e5f7 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 16079 897d5a 16077->16079 16082 88ec5f _malloc 67 API calls 16078->16082 16087 89af4f _memset ___convertcp 16078->16087 16079->16064 16081 89b00c GetStringTypeA 16081->16085 16086 89b027 16081->16086 16082->16087 16084 89af88 MultiByteToWideChar 16089 89afaf 16084->16089 16090 89af9e GetStringTypeW 16084->16090 16085->16077 16091 88e821 __mtinitlocknum 67 API calls 16086->16091 16087->16084 16087->16085 16093 899c53 16089->16093 16090->16089 16091->16085 16094 899c5f 16093->16094 16095 899c70 16093->16095 16094->16095 16096 88e821 __mtinitlocknum 67 API calls 16094->16096 16095->16085 16096->16095 16098 89bf59 16097->16098 16099 89bf54 16097->16099 16128 88e9ed 16098->16128 16101 88e5f7 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 16099->16101 16102 89afdf 16101->16102 16102->16081 16102->16085 16103 89bf6f 16102->16103 16104 89bfaf GetCPInfo 16103->16104 16105 89c039 16103->16105 16106 89c024 MultiByteToWideChar 16104->16106 16107 89bfc6 16104->16107 16108 88e5f7 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 16105->16108 16106->16105 16112 89bfdf _strlen 16106->16112 16107->16106 16109 89bfcc GetCPInfo 16107->16109 16110 89b000 16108->16110 16109->16106 16111 89bfd9 16109->16111 16110->16081 16110->16085 16111->16106 16111->16112 16113 88ec5f _malloc 67 API calls 16112->16113 16115 89c011 _memset ___convertcp 16112->16115 16113->16115 16114 89c06e MultiByteToWideChar 16116 89c086 16114->16116 16127 89c0a5 16114->16127 16115->16105 16115->16114 16117 89c0aa 16116->16117 16118 89c08d WideCharToMultiByte 16116->16118 16120 89c0c9 16117->16120 16121 89c0b5 WideCharToMultiByte 16117->16121 16118->16127 16119 899c53 __freea 67 API calls 16119->16105 16122 893677 __calloc_crt 67 API calls 16120->16122 16121->16120 16121->16127 16123 89c0d1 16122->16123 16124 89c0da WideCharToMultiByte 16123->16124 16123->16127 16125 89c0ec 16124->16125 16124->16127 16126 88e821 __mtinitlocknum 67 API calls 16125->16126 16126->16127 16127->16119 16131 893940 16128->16131 16132 893959 16131->16132 16135 893711 16132->16135 16136 89156b _LocaleUpdate::_LocaleUpdate 77 API calls 16135->16136 16138 893726 16136->16138 16137 893738 16140 88fa94 __mbsnbcpy_s_l 67 API calls 16137->16140 16138->16137 16139 893775 16138->16139 16143 899722 __isctype_l 91 API calls 16139->16143 16144 8937ba 16139->16144 16141 89373d 16140->16141 16142 8954d3 __mbsnbcpy_s_l 6 API calls 16141->16142 16146 88e9fe 16142->16146 16143->16139 16145 88fa94 __mbsnbcpy_s_l 67 API calls 16144->16145 16144->16146 16145->16146 16146->16099 16148 89aabf LCMapStringW 16147->16148 16151 89aada 16147->16151 16149 89aae2 GetLastError 16148->16149 16148->16151 16149->16151 16150 89acd8 16154 89bf26 ___ansicp 91 API calls 16150->16154 16151->16150 16152 89ab34 16151->16152 16153 89ab4d MultiByteToWideChar 16152->16153 16177 89accf 16152->16177 16162 89ab7a 16153->16162 16153->16177 16156 89ad00 16154->16156 16155 88e5f7 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 16158 897d7a 16155->16158 16159 89ad19 16156->16159 16160 89adf4 LCMapStringA 16156->16160 16156->16177 16157 89ab93 ___convertcp 16161 89abcb MultiByteToWideChar 16157->16161 16157->16177 16158->16058 16163 89bf6f ___convertcp 74 API calls 16159->16163 16172 89ad50 16160->16172 16164 89abe4 LCMapStringW 16161->16164 16189 89acc6 16161->16189 16162->16157 16165 88ec5f _malloc 67 API calls 16162->16165 16166 89ad2b 16163->16166 16167 89ac05 16164->16167 16164->16189 16165->16157 16169 89ad35 LCMapStringA 16166->16169 16166->16177 16173 89ac0e 16167->16173 16174 89ac37 16167->16174 16168 88e821 __mtinitlocknum 67 API calls 16171 89ae1b 16168->16171 16169->16172 16178 89ad57 16169->16178 16170 899c53 __freea 67 API calls 16170->16177 16175 88e821 __mtinitlocknum 67 API calls 16171->16175 16171->16177 16172->16168 16172->16171 16176 89ac20 LCMapStringW 16173->16176 16173->16189 16184 89ac52 ___convertcp 16174->16184 16185 88ec5f _malloc 67 API calls 16174->16185 16175->16177 16176->16189 16177->16155 16180 89ad68 _memset ___convertcp 16178->16180 16181 88ec5f _malloc 67 API calls 16178->16181 16179 89ac86 LCMapStringW 16182 89ac9e WideCharToMultiByte 16179->16182 16183 89acc0 16179->16183 16180->16172 16187 89ada6 LCMapStringA 16180->16187 16181->16180 16182->16183 16186 899c53 __freea 67 API calls 16183->16186 16184->16179 16184->16189 16185->16184 16186->16189 16190 89adc2 16187->16190 16191 89adc6 16187->16191 16189->16170 16193 899c53 __freea 67 API calls 16190->16193 16192 89bf6f ___convertcp 74 API calls 16191->16192 16192->16190 16193->16172 16194->16048 16196 88e9a6 __mtinitlocknum 16195->16196 16203 88f2b5 16196->16203 16202 88e9c7 __mtinitlocknum 16202->15997 16204 892208 __lock 67 API calls 16203->16204 16205 88e9ab 16204->16205 16206 88e8af 16205->16206 16207 893110 __decode_pointer 6 API calls 16206->16207 16208 88e8c3 16207->16208 16209 893110 __decode_pointer 6 API calls 16208->16209 16210 88e8d3 16209->16210 16211 88e956 16210->16211 16229 891835 16210->16229 16226 88e9d0 16211->16226 16213 88e8f1 16216 88e91b 16213->16216 16217 88e90c 16213->16217 16225 88e93d 16213->16225 16214 893095 __encode_pointer 6 API calls 16215 88e94b 16214->16215 16218 893095 __encode_pointer 6 API calls 16215->16218 16216->16211 16220 88e915 16216->16220 16242 8936c3 16217->16242 16218->16211 16220->16216 16221 8936c3 __realloc_crt 73 API calls 16220->16221 16222 88e931 16220->16222 16223 88e92b 16221->16223 16224 893095 __encode_pointer 6 API calls 16222->16224 16223->16211 16223->16222 16224->16225 16225->16214 16251 88f2be 16226->16251 16230 891841 __mtinitlocknum 16229->16230 16231 89186e 16230->16231 16232 891851 16230->16232 16234 8918af HeapSize 16231->16234 16236 892208 __lock 67 API calls 16231->16236 16233 88fa94 __mbsnbcpy_s_l 67 API calls 16232->16233 16235 891856 16233->16235 16237 891866 __mtinitlocknum 16234->16237 16238 8954d3 __mbsnbcpy_s_l 6 API calls 16235->16238 16239 89187e ___sbh_find_block 16236->16239 16237->16213 16238->16237 16247 8918cf 16239->16247 16245 8936cc 16242->16245 16243 88e606 _realloc 72 API calls 16243->16245 16244 89370b 16244->16220 16245->16243 16245->16244 16246 8936ec Sleep 16245->16246 16246->16245 16250 89212e LeaveCriticalSection 16247->16250 16249 8918aa 16249->16234 16249->16237 16250->16249 16254 89212e LeaveCriticalSection 16251->16254 16253 88e9d5 16253->16202 16254->16253 16255 881c86 16256 881c8f 16255->16256 16259 881bbc 16256->16259 16261 881c79 16259->16261 16264 881bf2 16259->16264 16260 881bf3 RegOpenKeyExA 16260->16264 16262 881c10 RegQueryValueExA 16262->16264 16263 881c62 RegCloseKey 16263->16264 16264->16260 16264->16261 16264->16262 16264->16263 16265 88eab7 16266 88eac8 16265->16266 16302 89223b HeapCreate 16266->16302 16269 88eb07 16304 8934a5 GetModuleHandleW 16269->16304 16273 88eb18 __RTC_Initialize 16338 8942c5 16273->16338 16274 88ea5f _fast_error_exit 67 API calls 16274->16273 16276 88eb26 16277 88eb32 GetCommandLineA 16276->16277 16279 88f249 __amsg_exit 67 API calls 16276->16279 16353 89418e 16277->16353 16280 88eb31 16279->16280 16280->16277 16284 88eb57 16392 893e5b 16284->16392 16285 88f249 __amsg_exit 67 API calls 16285->16284 16288 88eb68 16407 88f308 16288->16407 16290 88f249 __amsg_exit 67 API calls 16290->16288 16291 88eb6f 16292 88f249 __amsg_exit 67 API calls 16291->16292 16294 88eb7a 16291->16294 16292->16294 16413 893dfc 16294->16413 16298 88eba9 16440 88f4e5 16298->16440 16301 88ebae __mtinitlocknum 16303 88eafb 16302->16303 16303->16269 16432 88ea5f 16303->16432 16305 8934b9 16304->16305 16306 8934c0 16304->16306 16307 88f219 __crt_waiting_on_module_handle 2 API calls 16305->16307 16308 893628 16306->16308 16309 8934ca GetProcAddress GetProcAddress GetProcAddress GetProcAddress 16306->16309 16310 8934bf 16307->16310 16454 8931bf 16308->16454 16311 893513 TlsAlloc 16309->16311 16310->16306 16314 88eb0d 16311->16314 16315 893561 TlsSetValue 16311->16315 16314->16273 16314->16274 16315->16314 16316 893572 16315->16316 16443 88f503 16316->16443 16319 893095 __encode_pointer 6 API calls 16320 893582 16319->16320 16321 893095 __encode_pointer 6 API calls 16320->16321 16322 893592 16321->16322 16323 893095 __encode_pointer 6 API calls 16322->16323 16324 8935a2 16323->16324 16325 893095 __encode_pointer 6 API calls 16324->16325 16326 8935b2 16325->16326 16450 89208c 16326->16450 16329 893110 __decode_pointer 6 API calls 16330 8935d3 16329->16330 16330->16308 16331 893677 __calloc_crt 67 API calls 16330->16331 16332 8935ec 16331->16332 16332->16308 16333 893110 __decode_pointer 6 API calls 16332->16333 16334 893606 16333->16334 16334->16308 16335 89360d 16334->16335 16336 8931fc __initptd 67 API calls 16335->16336 16337 893615 GetCurrentThreadId 16336->16337 16337->16314 16463 8912c0 16338->16463 16340 8942d1 GetStartupInfoA 16341 893677 __calloc_crt 67 API calls 16340->16341 16348 8942f2 16341->16348 16342 894510 __mtinitlocknum 16342->16276 16343 89448d GetStdHandle 16352 894457 16343->16352 16344 8944f2 SetHandleCount 16344->16342 16345 893677 __calloc_crt 67 API calls 16345->16348 16346 89449f GetFileType 16346->16352 16347 8943da 16347->16342 16349 894403 GetFileType 16347->16349 16351 8958ac __mtinitlocknum InitializeCriticalSectionAndSpinCount 16347->16351 16347->16352 16348->16342 16348->16345 16348->16347 16348->16352 16349->16347 16350 8958ac __mtinitlocknum InitializeCriticalSectionAndSpinCount 16350->16352 16351->16347 16352->16342 16352->16343 16352->16344 16352->16346 16352->16350 16354 8941ac GetEnvironmentStringsW 16353->16354 16358 8941cb 16353->16358 16355 8941c0 GetLastError 16354->16355 16356 8941b4 16354->16356 16355->16358 16359 8941e7 GetEnvironmentStringsW 16356->16359 16360 8941f6 WideCharToMultiByte 16356->16360 16357 894264 16361 89426d GetEnvironmentStrings 16357->16361 16362 88eb42 16357->16362 16358->16356 16358->16357 16359->16360 16359->16362 16366 894259 FreeEnvironmentStringsW 16360->16366 16367 89422a 16360->16367 16361->16362 16363 89427d 16361->16363 16379 8940d3 16362->16379 16368 893632 __malloc_crt 67 API calls 16363->16368 16366->16362 16369 893632 __malloc_crt 67 API calls 16367->16369 16371 894297 16368->16371 16370 894230 16369->16370 16370->16366 16374 894238 WideCharToMultiByte 16370->16374 16372 8942aa _realloc 16371->16372 16373 89429e FreeEnvironmentStringsA 16371->16373 16377 8942b4 FreeEnvironmentStringsA 16372->16377 16373->16362 16375 89424a 16374->16375 16376 894252 16374->16376 16378 88e821 __mtinitlocknum 67 API calls 16375->16378 16376->16366 16377->16362 16378->16376 16380 8940e8 16379->16380 16381 8940ed GetModuleFileNameA 16379->16381 16470 8982eb 16380->16470 16383 894114 16381->16383 16464 893f39 16383->16464 16386 88eb4c 16386->16284 16386->16285 16387 894150 16388 893632 __malloc_crt 67 API calls 16387->16388 16389 894156 16388->16389 16389->16386 16390 893f39 _parse_cmdline 77 API calls 16389->16390 16391 894170 16390->16391 16391->16386 16393 893e64 16392->16393 16396 893e69 _strlen 16392->16396 16394 8982eb ___initmbctable 111 API calls 16393->16394 16394->16396 16395 88eb5d 16395->16288 16395->16290 16396->16395 16397 893677 __calloc_crt 67 API calls 16396->16397 16400 893e9e _strlen 16397->16400 16398 893efc 16399 88e821 __mtinitlocknum 67 API calls 16398->16399 16399->16395 16400->16395 16400->16398 16401 893677 __calloc_crt 67 API calls 16400->16401 16402 893f22 16400->16402 16404 88f551 _strcpy_s 67 API calls 16400->16404 16405 893ee3 16400->16405 16401->16400 16403 88e821 __mtinitlocknum 67 API calls 16402->16403 16403->16395 16404->16400 16405->16400 16406 8953ab __invoke_watson 10 API calls 16405->16406 16406->16405 16408 88f316 __IsNonwritableInCurrentImage 16407->16408 16480 8954f9 16408->16480 16410 88f334 __initterm_e 16411 88e9d6 __cinit 74 API calls 16410->16411 16412 88f353 __IsNonwritableInCurrentImage __initterm 16410->16412 16411->16412 16412->16291 16414 893e0a 16413->16414 16416 893e0f 16413->16416 16415 8982eb ___initmbctable 111 API calls 16414->16415 16415->16416 16417 88eb80 16416->16417 16418 89165e __wincmdln 77 API calls 16416->16418 16419 89eb46 16417->16419 16418->16416 16420 89eb87 16419->16420 16484 883398 16420->16484 16423 88548b ctype 110 API calls 16424 89eb9e 16423->16424 16487 88c45d SetErrorMode SetErrorMode 16424->16487 16429 88f4b9 16812 88f38d 16429->16812 16431 88f4ca 16431->16298 16433 88ea6d 16432->16433 16434 88ea72 16432->16434 16435 893c63 __FF_MSGBANNER 67 API calls 16433->16435 16436 893ab8 __NMSG_WRITE 67 API calls 16434->16436 16435->16434 16437 88ea7a 16436->16437 16438 88f29d __mtinitlocknum 3 API calls 16437->16438 16439 88ea84 16438->16439 16439->16269 16441 88f38d _doexit 72 API calls 16440->16441 16442 88f4f0 16441->16442 16442->16301 16444 893107 _raise 6 API calls 16443->16444 16445 88f50b __init_pointers __initp_misc_winsig 16444->16445 16460 895338 16445->16460 16448 893095 __encode_pointer 6 API calls 16449 88f547 16448->16449 16449->16319 16451 892097 16450->16451 16452 8958ac __mtinitlocknum InitializeCriticalSectionAndSpinCount 16451->16452 16453 8920c5 16451->16453 16452->16451 16453->16308 16453->16329 16455 8931c9 16454->16455 16456 8931d5 16454->16456 16457 893110 __decode_pointer 6 API calls 16455->16457 16458 8931e9 TlsFree 16456->16458 16459 8931f7 16456->16459 16457->16456 16458->16459 16459->16459 16461 893095 __encode_pointer 6 API calls 16460->16461 16462 88f53d 16461->16462 16462->16448 16463->16340 16466 893f58 16464->16466 16468 893fc5 16466->16468 16474 89165e 16466->16474 16467 8940c3 16467->16386 16467->16387 16468->16467 16469 89165e 77 API calls __wincmdln 16468->16469 16469->16468 16471 8982f4 16470->16471 16472 8982fb 16470->16472 16473 898151 __setmbcp 111 API calls 16471->16473 16472->16381 16473->16472 16477 8915f2 16474->16477 16478 89156b _LocaleUpdate::_LocaleUpdate 77 API calls 16477->16478 16479 891605 16478->16479 16479->16466 16481 8954ff 16480->16481 16482 893095 __encode_pointer 6 API calls 16481->16482 16483 895517 16481->16483 16482->16481 16483->16410 16517 8854be 16484->16517 16488 88548b ctype 110 API calls 16487->16488 16489 88c47a 16488->16489 16525 884c2f 16489->16525 16492 88548b ctype 110 API calls 16493 88c48f 16492->16493 16494 88c4ac 16493->16494 16533 88c2d7 16493->16533 16496 88548b ctype 110 API calls 16494->16496 16497 88c4b1 16496->16497 16498 88c4bd GetModuleHandleA 16497->16498 16557 883996 16497->16557 16500 88c4cc GetProcAddress 16498->16500 16501 88c4dd 16498->16501 16500->16501 16502 88ca5c 16501->16502 16618 88c9bd 16502->16618 16504 88ca65 16505 88548b ctype 110 API calls 16504->16505 16506 88ca6a 16505->16506 16507 8854be ctype 110 API calls 16506->16507 16508 88ca84 16507->16508 16509 884ed0 104 API calls 16508->16509 16510 88caa1 16509->16510 16511 88548b ctype 110 API calls 16510->16511 16512 88caa8 16511->16512 16513 88cace 16512->16513 16514 88cabb UnhookWindowsHookEx 16512->16514 16515 88cac1 16512->16515 16513->16298 16513->16429 16514->16515 16515->16513 16516 88cac8 UnhookWindowsHookEx 16515->16516 16516->16513 16518 88548b ctype 110 API calls 16517->16518 16519 8854c3 16518->16519 16522 88238c 16519->16522 16523 88651f ctype 104 API calls 16522->16523 16524 882396 16523->16524 16524->16423 16563 884b33 16525->16563 16528 884c75 16530 884c7c SetLastError 16528->16530 16532 884c89 16528->16532 16529 88e5f7 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 16531 884d29 16529->16531 16530->16532 16531->16492 16532->16529 16534 88548b ctype 110 API calls 16533->16534 16535 88c2f6 GetModuleFileNameA 16534->16535 16536 88c31e 16535->16536 16537 88c327 PathFindExtensionA 16536->16537 16589 885671 16536->16589 16539 88c33e 16537->16539 16540 88c343 16537->16540 16541 885671 RaiseException 16539->16541 16569 88c297 16540->16569 16541->16540 16544 88c369 16547 88c37b 16544->16547 16592 88fbce 16544->16592 16545 885671 RaiseException 16545->16544 16549 88c44e 16547->16549 16551 8847c3 ctype RaiseException 16547->16551 16552 88fb5a _strcat_s 67 API calls 16547->16552 16555 88fbce 67 API calls __strdup 16547->16555 16556 881f38 ctype RaiseException 16547->16556 16577 886792 16547->16577 16600 881fba 16547->16600 16550 88e5f7 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 16549->16550 16553 88c45b 16550->16553 16551->16547 16552->16547 16553->16494 16555->16547 16556->16547 16558 88548b ctype 110 API calls 16557->16558 16559 88399b 16558->16559 16560 8839c3 16559->16560 16615 884ed0 16559->16615 16560->16498 16564 884b3c GetModuleHandleA 16563->16564 16565 884ba0 GetModuleFileNameW 16563->16565 16566 884b50 16564->16566 16567 884b55 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 16564->16567 16565->16528 16565->16532 16568 8847fb ctype RaiseException 16566->16568 16567->16565 16568->16567 16570 88c2a2 16569->16570 16571 88c2a7 PathFindFileNameA 16569->16571 16572 8847fb ctype RaiseException 16570->16572 16573 88c2c0 16571->16573 16574 88c2b6 lstrlenA 16571->16574 16572->16571 16576 884817 ctype 78 API calls 16573->16576 16575 88c2ce 16574->16575 16575->16544 16575->16545 16576->16575 16578 8867a3 16577->16578 16579 8867e6 16577->16579 16578->16579 16581 8867aa 16578->16581 16580 8847fb ctype RaiseException 16579->16580 16582 8867eb 16580->16582 16583 88548b ctype 110 API calls 16581->16583 16584 8867af 16583->16584 16605 882035 FindResourceA 16584->16605 16586 8867bb 16587 8867cc WideCharToMultiByte 16586->16587 16588 8867c1 16586->16588 16587->16588 16588->16547 16590 8914ac __CxxThrowException@8 RaiseException 16589->16590 16591 88568c 16590->16591 16591->16537 16593 88fbdf _strlen 16592->16593 16599 88fbdb 16592->16599 16594 88ec5f _malloc 67 API calls 16593->16594 16595 88fbf2 16594->16595 16596 88f551 _strcpy_s 67 API calls 16595->16596 16595->16599 16597 88fc04 16596->16597 16598 8953ab __invoke_watson 10 API calls 16597->16598 16597->16599 16598->16599 16599->16547 16601 88f551 _strcpy_s 67 API calls 16600->16601 16602 881fcd 16601->16602 16603 881f38 ctype RaiseException 16602->16603 16604 881fd3 16603->16604 16604->16547 16606 882054 16605->16606 16607 882056 16605->16607 16606->16586 16610 881fd8 LoadResource 16607->16610 16609 882062 16609->16586 16611 881fed 16610->16611 16612 881fef LockResource 16610->16612 16611->16609 16613 881ffd SizeofResource 16612->16613 16614 882013 16612->16614 16613->16614 16614->16609 16616 88651f ctype 104 API calls 16615->16616 16617 8839a7 GetCurrentThreadId SetWindowsHookExA 16616->16617 16617->16560 16619 88c9c9 __EH_prolog3 16618->16619 16620 88548b ctype 110 API calls 16619->16620 16621 88c9ce 16620->16621 16622 88b9e8 ctype 6 API calls 16621->16622 16623 88c9d7 16622->16623 16635 88c199 16623->16635 16625 88ca3d 16652 8823a0 16625->16652 16626 88548b ctype 110 API calls 16628 88c9fe UnregisterClassA 16626->16628 16630 88c199 116 API calls 16628->16630 16629 88ca44 16631 88ba5a ctype 2 API calls 16629->16631 16633 88c9f4 16630->16633 16634 88ca4b ctype 16631->16634 16633->16625 16633->16626 16656 883cc8 16633->16656 16634->16504 16636 88c1bf 16635->16636 16637 88c1b5 16635->16637 16639 88c210 16636->16639 16642 88c1cb 16636->16642 16638 881f64 ctype 80 API calls 16637->16638 16638->16636 16640 88c22e 16639->16640 16641 88c217 16639->16641 16683 883bb3 16640->16683 16675 88c15a 16641->16675 16642->16640 16663 891c16 16642->16663 16647 88c1eb 16666 891cf4 16647->16666 16651 88c20e 16651->16633 16653 8823b4 16652->16653 16654 8823c1 16652->16654 16653->16654 16655 8820ca 80 API calls 16653->16655 16654->16629 16655->16654 16657 883cf5 16656->16657 16658 883ce2 16656->16658 16657->16633 16659 883d07 16658->16659 16660 883cee 16658->16660 16661 882921 80 API calls 16659->16661 16662 883b06 80 API calls 16660->16662 16661->16657 16662->16657 16686 891b4f 16663->16686 16665 88c1e0 16665->16640 16665->16647 16693 891c2d 16666->16693 16668 88c1f4 16669 88c0db 16668->16669 16670 88c0f0 16669->16670 16700 88c097 16670->16700 16672 88c137 16672->16651 16676 88c166 __EH_prolog3 16675->16676 16730 8823d7 16676->16730 16681 88c18f ctype 16681->16651 16684 8823d7 80 API calls 16683->16684 16685 883bc3 16684->16685 16685->16651 16687 89156b _LocaleUpdate::_LocaleUpdate 77 API calls 16686->16687 16688 891b64 16687->16688 16689 88fa94 __mbsnbcpy_s_l 67 API calls 16688->16689 16692 891b6e _strspn 16688->16692 16690 891b8c 16689->16690 16691 8954d3 __mbsnbcpy_s_l 6 API calls 16690->16691 16691->16692 16692->16665 16694 89156b _LocaleUpdate::_LocaleUpdate 77 API calls 16693->16694 16695 891c42 16694->16695 16696 88fa94 __mbsnbcpy_s_l 67 API calls 16695->16696 16697 891c4c _strcspn 16695->16697 16698 891c6a 16696->16698 16697->16668 16699 8954d3 __mbsnbcpy_s_l 6 API calls 16698->16699 16699->16697 16701 88c0ac 16700->16701 16702 88c0b9 16701->16702 16703 881f64 ctype 80 API calls 16701->16703 16702->16672 16704 883bed 16702->16704 16703->16702 16707 883b90 16704->16707 16710 883b06 16707->16710 16712 883b17 16710->16712 16711 883b23 16711->16672 16712->16711 16713 883b44 16712->16713 16716 882131 16712->16716 16721 88f5b9 16713->16721 16717 881f64 ctype 80 API calls 16716->16717 16718 88213b 16717->16718 16719 882131 80 API calls 16718->16719 16720 88216b 16718->16720 16719->16720 16720->16713 16722 88f5cd _memset 16721->16722 16726 88f5c9 _realloc 16721->16726 16723 88f5d2 16722->16723 16722->16726 16727 88f61c 16722->16727 16724 88fa94 __mbsnbcpy_s_l 67 API calls 16723->16724 16725 88f5d7 16724->16725 16728 8954d3 __mbsnbcpy_s_l 6 API calls 16725->16728 16726->16711 16727->16726 16729 88fa94 __mbsnbcpy_s_l 67 API calls 16727->16729 16728->16726 16729->16725 16731 8823f0 16730->16731 16732 8823e6 16730->16732 16734 882a07 16731->16734 16733 881f64 ctype 80 API calls 16732->16733 16733->16731 16735 882a26 16734->16735 16736 882a13 16734->16736 16735->16681 16738 882c72 16735->16738 16736->16735 16741 8829e3 16736->16741 16778 882c3a 16738->16778 16746 8867ec 16741->16746 16744 882a02 16744->16735 16747 88548b ctype 110 API calls 16746->16747 16748 8829f3 16747->16748 16748->16744 16749 8828c6 16748->16749 16750 882035 4 API calls 16749->16750 16751 8828db 16750->16751 16759 882917 16751->16759 16760 8820f5 WideCharToMultiByte 16751->16760 16753 8828f2 16761 8827c1 16753->16761 16757 88290b 16766 8820ca 16757->16766 16759->16744 16760->16753 16762 8827e8 16761->16762 16763 8827de 16761->16763 16765 882111 WideCharToMultiByte 16762->16765 16771 88246b 16763->16771 16765->16757 16767 8820d6 16766->16767 16768 8820dd 16767->16768 16769 881f64 ctype 80 API calls 16767->16769 16768->16759 16770 8820f4 16769->16770 16772 882480 16771->16772 16773 882488 16772->16773 16775 882490 16772->16775 16774 882401 80 API calls 16773->16774 16776 88248e 16774->16776 16775->16776 16777 88213c 80 API calls 16775->16777 16776->16762 16777->16776 16781 882a2c 16778->16781 16782 882a3c 16781->16782 16785 882921 16782->16785 16786 88292f 16785->16786 16787 882936 16785->16787 16788 8823a0 80 API calls 16786->16788 16789 882948 16787->16789 16790 881f64 ctype 80 API calls 16787->16790 16799 882934 16788->16799 16791 8827c1 80 API calls 16789->16791 16790->16789 16792 882958 16791->16792 16793 882960 16792->16793 16794 882971 16792->16794 16800 88f6cb 16793->16800 16795 88f5b9 _memcpy_s 67 API calls 16794->16795 16797 88296f 16795->16797 16798 8820ca 80 API calls 16797->16798 16798->16799 16799->16681 16801 88f6db 16800->16801 16802 88f6f4 16800->16802 16803 88f6e0 16801->16803 16804 88f700 16801->16804 16802->16797 16805 88fa94 __mbsnbcpy_s_l 67 API calls 16803->16805 16806 88f713 16804->16806 16807 88f705 16804->16807 16808 88f6e5 16805->16808 16810 895910 _memmove_s __VEC_memcpy 16806->16810 16809 88fa94 __mbsnbcpy_s_l 67 API calls 16807->16809 16811 8954d3 __mbsnbcpy_s_l 6 API calls 16808->16811 16809->16808 16810->16802 16811->16802 16813 88f399 __mtinitlocknum 16812->16813 16814 892208 __lock 67 API calls 16813->16814 16815 88f3a0 16814->16815 16818 893110 __decode_pointer 6 API calls 16815->16818 16822 88f459 __initterm 16815->16822 16820 88f3d7 16818->16820 16819 88f4a1 __mtinitlocknum 16819->16431 16820->16822 16824 893110 __decode_pointer 6 API calls 16820->16824 16842 88f4a4 16822->16842 16823 88f498 16825 88f29d __mtinitlocknum 3 API calls 16823->16825 16828 88f3ec 16824->16828 16825->16819 16826 893110 6 API calls __decode_pointer 16826->16828 16827 893107 6 API calls _raise 16827->16828 16828->16822 16828->16826 16828->16827 16831 886000 16828->16831 16835 885fef 16828->16835 16832 88600c 16831->16832 16833 886027 16831->16833 16832->16833 16847 884fda 16832->16847 16833->16828 16836 88ba5a ctype 2 API calls 16835->16836 16837 885ff6 16836->16837 16838 8914ac __CxxThrowException@8 RaiseException 16837->16838 16840 885fff 16838->16840 16839 886027 16839->16828 16840->16839 16841 884fda 3 API calls 16840->16841 16841->16839 16843 88f4aa 16842->16843 16844 88f485 16842->16844 16866 89212e LeaveCriticalSection 16843->16866 16844->16819 16846 89212e LeaveCriticalSection 16844->16846 16846->16823 16852 884ee9 16847->16852 16849 884fe7 16850 884ff3 16849->16850 16856 885f2e 16849->16856 16850->16833 16854 884ef5 __EH_prolog3 ctype 16852->16854 16859 8865a9 16854->16859 16855 884f7b ctype 16855->16849 16857 885f39 LocalFree 16856->16857 16858 885f40 16856->16858 16857->16858 16858->16850 16860 8865c4 16859->16860 16861 8865b4 16859->16861 16860->16855 16861->16860 16863 886274 EnterCriticalSection 16861->16863 16865 886293 LeaveCriticalSection 16863->16865 16865->16860 16866->16844

                                      Executed Functions

                                      Function 100019D0 Relevance: 43.9, APIs: 16, Strings: 9, Instructions: 172serviceregistrystringCOMMON
                                      Download Yara Rule
                                      APIs
                                      • _memset.LIBCMT ref: 10001A0F
                                      • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 10001A3B
                                      • CreateServiceA.ADVAPI32(00000000,?,?,000F01FF,00000110,00000002,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 10001A67
                                      • LockServiceDatabase.ADVAPI32(?), ref: 10001A74
                                      • ChangeServiceConfig2A.ADVAPI32(00000000,00000001,?), ref: 10001A8B
                                      • UnlockServiceDatabase.ADVAPI32(00000000), ref: 10001A92
                                      • GetLastError.KERNEL32 ref: 10001AA2
                                      • OpenServiceA.ADVAPI32(?,?,000F01FF), ref: 10001ABA
                                      • StartServiceA.ADVAPI32 ref: 10001AD3
                                      • StartServiceA.ADVAPI32(00000000,00000000,00000000), ref: 10001ADA
                                      • RegOpenKeyA.ADVAPI32(80000002,?,00000000), ref: 10001B3F
                                      • lstrlen.KERNEL32 ref: 10001B86
                                      • RegSetValueExA.KERNELBASE(?,?,00000000,00000001,?,00000000), ref: 10001B9C
                                      • RegCloseKey.KERNELBASE(00000000), ref: 10001BA7
                                      • CloseServiceHandle.ADVAPI32(00000000), ref: 10001BC0
                                      • CloseServiceHandle.ADVAPI32(?), ref: 10001BC7
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Service$CloseOpen$DatabaseHandleStart$ChangeConfig2CreateErrorLastLockManagerUnlockValue_memsetlstrlen
                                      • String ID: D$c$e$n$o$p$r$s$t
                                      • API String ID: 2185839690-1025341413
                                      • Opcode ID: 37f2617e90ae54baca2fbbffeea3fcef389650bc486e0ea2d9f1abbc8d4c6943
                                      • Instruction ID: cb487d3376347de1c1cc0c83f22978b7210f4ae86925edaab3ca3a6e2c12f8e1
                                      • Opcode Fuzzy Hash: 37f2617e90ae54baca2fbbffeea3fcef389650bc486e0ea2d9f1abbc8d4c6943
                                      • Instruction Fuzzy Hash: 8D5108715083859FE311DF68CC48B9BBBE8EF89784F044A4CF58997242DBB5E904C7A2
                                      Function 100016E0 Relevance: 22.8, APIs: 5, Strings: 8, Instructions: 59COMMON
                                      Download Yara Rule
                                      APIs
                                      • GetCurrentProcess.KERNEL32(00000028,04B08C62), ref: 100016F4
                                      • OpenProcessToken.ADVAPI32(00000000), ref: 100016FB
                                      • LookupPrivilegeValueA.ADVAPI32 ref: 10001768
                                      • AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 10001793
                                      • CloseHandle.KERNELBASE ref: 1000179D
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                      • String ID: D$P$S$b$l$r$u$v
                                      • API String ID: 3038321057-2680133038
                                      • Opcode ID: 0f8f09506c273f14d7940b5691eb4955810dc2d5a6b1d75380ef4c560048f307
                                      • Instruction ID: 806b9db3c9720ce491169ecc7032a5b6b3028df8eea08869397e21aa1dcb501e
                                      • Opcode Fuzzy Hash: 0f8f09506c273f14d7940b5691eb4955810dc2d5a6b1d75380ef4c560048f307
                                      • Instruction Fuzzy Hash: 45210E6010D3C0DEE305DB648885B5BBFE4AFAD748F044A4CF1C856292C6B9D648CB6B
                                      Function 00882175 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 228 882175-88219d 229 88219f-8821b5 call 88f551 call 881f38 228->229 230 8821b7-8821c7 GetLocaleInfoA 228->230 231 8821c9-882206 call 88fa94 * 2 call 88fa31 call 88fa94 229->231 230->231 232 882237 230->232 248 882208-882215 call 88fa94 call 881f80 231->248 249 882217-88221c call 88fa94 231->249 235 882239-882246 call 88e5f7 232->235 254 88221e-882222 248->254 249->254 254->232 256 882224-882226 254->256 256->232 258 882228-882235 LoadLibraryA 256->258 258->235
                                      APIs
                                      • _strcpy_s.LIBCMT ref: 008821A7
                                        • Part of subcall function 00881F38: __CxxThrowException@8.LIBCMT ref: 00884811
                                        • Part of subcall function 00881F38: __cftof.LIBCMT ref: 00884828
                                        • Part of subcall function 0088FA94: __getptd_noexit.LIBCMT ref: 0088FA94
                                      • GetLocaleInfoA.KERNELBASE(00000800,00000003,?,00000004), ref: 008821BF
                                      • __snwprintf_s.LIBCMT ref: 008821F4
                                      • LoadLibraryA.KERNELBASE(?), ref: 0088222F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Exception@8InfoLibraryLoadLocaleThrow__cftof__getptd_noexit__snwprintf_s_strcpy_s
                                      • String ID: LOC
                                      • API String ID: 1016519223-519433814
                                      • Opcode ID: 621ab4c9934d9140269f2f839482d4588271683df52faa62a8d0139f99bf38ad
                                      • Instruction ID: 9bdc9ee729a2681a055d4e50dedc492d73a83003044fc32bdf20749489f62745
                                      • Opcode Fuzzy Hash: 621ab4c9934d9140269f2f839482d4588271683df52faa62a8d0139f99bf38ad
                                      • Instruction Fuzzy Hash: A521A271A4021DAADB14BB68CC4ABE976ACFF02728F1044B5B708D7092DB749D158BA2
                                      Function 00882035 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                      Download Yara Rule
                                      APIs
                                      • FindResourceA.KERNEL32(?,?,00000006), ref: 0088204A
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: FindResource
                                      • String ID:
                                      • API String ID: 1635176832-0
                                      • Opcode ID: b3e68b48781ddcf73d7f01b040371560b87b9fe37736f5991e56b7eca6e05254
                                      • Instruction ID: 545c03e04b057b5357546305faa34bf29f226031b4ae8fbadfa1c68ee51fdd3f
                                      • Opcode Fuzzy Hash: b3e68b48781ddcf73d7f01b040371560b87b9fe37736f5991e56b7eca6e05254
                                      • Instruction Fuzzy Hash: 01E0177150010C7BEF202E49EC05EBA3B9EFB80764F008020FD1DD9160DB32D962EB50
                                      Function 100042B0 Relevance: 43.8, APIs: 3, Strings: 22, Instructions: 87stringCOMMON
                                      Download Yara Rule
                                      APIs
                                      • _memset.LIBCMT ref: 100042EB
                                      • wsprintfA.USER32 ref: 100043AE
                                      • lstrlen.KERNEL32(?,?,00000000,00000400,?,00000000,75B0A250,00000000), ref: 100043C0
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: _memsetlstrlenwsprintf
                                      • String ID: %$C$C$E$M$T$Y$\$\$\$c$i$l$n$n$o$o$t$t$t$u$v
                                      • API String ID: 3920701723-2259266472
                                      • Opcode ID: fc51423a54f20ba0cd1b383de45813308f1179013de3e2716c4e834ab73a54c8
                                      • Instruction ID: a46160f322702c2bd1028dd7a75798120cbe2231d1047d22e2e72d5a756cfe09
                                      • Opcode Fuzzy Hash: fc51423a54f20ba0cd1b383de45813308f1179013de3e2716c4e834ab73a54c8
                                      • Instruction Fuzzy Hash: 7441FE6110D3C0DEE352C768988479FBFE55FA6608F48194DF2D817283C6BA9618C77B
                                      Function 00881740 Relevance: 42.2, APIs: 2, Strings: 26, Instructions: 164stringCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      APIs
                                        • Part of subcall function 0088226C: InterlockedExchange.KERNEL32(008B9FC0,?), ref: 00882295
                                      • lstrlenA.KERNEL32 ref: 0088189F
                                      • lstrlenA.KERNEL32(TTTTTTTTTTTTXUY1c2KCNkzuiqp/UP+lPmT6cJwajsRtwz5ueIbG4bodZR8qFqGmidY/9UJgTFKbZVMbmiZRW8hD/o8scHdywwbEMPShXQYKwBrKKzcrj21dsFcFl+rGjdpiYDzW5PW0uKnobCZ4L0P9C01QD6M6HhIa91a0JHWt9O4rWDpysqI1i0k5HSwxNckqt5NZCA49SjsoE5nQYz0Lz2T8JN2pwIenRTwNbJ6csBfi8InJh9ohPFUFuLLO4wmA,008B70E0,00000170,?,?,?,?,?), ref: 00881946
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: lstrlen$ExchangeInterlocked
                                      • String ID: $.$.$.$.$0$0$1$3$6$D$D$I$L$LTY 1.0$S$T$TTTTTTTTTTTTXUY1c2KCNkzuiqp/UP+lPmT6cJwajsRtwz5ueIbG4bodZR8qFqGmidY/9UJgTFKbZVMbmiZRW8hD/o8scHdywwbEMPShXQYKwBrKKzcrj21dsFcFl+rGjdpiYDzW5PW0uKnobCZ4L0P9C01QD6M6HhIa91a0JHWt9O4rWDpysqI1i0k5HSwxNckqt5NZCA49SjsoE5nQYz0Lz2T8JN2pwIenRTwNbJ6csBfi8InJh9ohPFUFuLLO4wmA$Y$_$_$b$i$o$s$s
                                      • API String ID: 1199788857-709353657
                                      • Opcode ID: b2e784a329565311a84f9b99f2cc5422cf838a4741ffc17182e790ec40376088
                                      • Instruction ID: 3dda335ae903c807c77e8b5ae3eb17a163771aa23466c8a60601cbe37570bb3a
                                      • Opcode Fuzzy Hash: b2e784a329565311a84f9b99f2cc5422cf838a4741ffc17182e790ec40376088
                                      • Instruction Fuzzy Hash: 8C618B7050C3C19ED711EB28884479BBFE5AFA6348F08495DF4C897342D6BAC609CBA7
                                      Function 008824BE Relevance: 33.4, APIs: 14, Strings: 5, Instructions: 158libraryloaderCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 008824C8
                                      • GetModuleHandleA.KERNEL32(kernel32.dll,0000015C,0088278F,?,?), ref: 008824F8
                                      • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 0088250C
                                      • ConvertDefaultLocale.KERNELBASE(?), ref: 00882548
                                      • ConvertDefaultLocale.KERNELBASE(?), ref: 00882556
                                      • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 00882573
                                      • ConvertDefaultLocale.KERNEL32(?), ref: 0088259E
                                      • ConvertDefaultLocale.KERNEL32(000003FF), ref: 008825A7
                                      • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 008825C0
                                      • EnumResourceLanguagesA.KERNEL32(00000000,00000010,00000001,Function_00001A5E,?), ref: 008825DD
                                      • ConvertDefaultLocale.KERNEL32(?), ref: 00882610
                                      • ConvertDefaultLocale.KERNEL32(00000000), ref: 00882619
                                      • GetModuleFileNameA.KERNEL32(00880000,?,00000105), ref: 0088265C
                                      • _memset.LIBCMT ref: 0088267C
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: ConvertDefaultLocale$Module$AddressHandleProc$EnumFileH_prolog3_LanguagesNameResource_memset
                                      • String ID: GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll$p,t
                                      • API String ID: 3537336938-1723308960
                                      • Opcode ID: f13ef9e5b9754ec62ff06df2e995fa0f481af16adb8dc2bcffe66c227756d3e4
                                      • Instruction ID: 16ed9737bf9f20892025c4e926786c99b53e151eb98fc23382c23253ecb7cc08
                                      • Opcode Fuzzy Hash: f13ef9e5b9754ec62ff06df2e995fa0f481af16adb8dc2bcffe66c227756d3e4
                                      • Instruction Fuzzy Hash: 36513BB1D002289BDB65EF65CC45BEDBAB4FB59300F1401EAE548E3280EB749E81CF90
                                      Function 0088EAB7 Relevance: 22.6, APIs: 15, Instructions: 86COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: __amsg_exit$_fast_error_exit$CommandEnvironmentInitializeLineStrings___crt__cinit__ioinit__mtinit__setargv__setenvp__wincmdln
                                      • String ID:
                                      • API String ID: 3545360858-0
                                      • Opcode ID: 253788bba735c08d51360628ba55e8c537b05ce8aa6c50c7fcb35f49d3a55695
                                      • Instruction ID: f632617d6ff2f84690a4781ce7006fe00443e88e5a53bd22a41e16e241cf3993
                                      • Opcode Fuzzy Hash: 253788bba735c08d51360628ba55e8c537b05ce8aa6c50c7fcb35f49d3a55695
                                      • Instruction Fuzzy Hash: DB2198749407199EDF647BB9DC86B7E32A4FF10B25F14042AF502FA183EBB4C9449B52
                                      Function 0088C2D7 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 122COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 135 88c2d7-88c31c call 88548b GetModuleFileNameA 138 88c31e-88c320 135->138 139 88c322 call 885671 135->139 138->139 140 88c327-88c33c PathFindExtensionA 138->140 139->140 142 88c33e call 885671 140->142 143 88c343-88c362 call 88c297 140->143 142->143 147 88c369-88c36d 143->147 148 88c364 call 885671 143->148 150 88c388-88c38d 147->150 151 88c36f-88c381 call 88fbce 147->151 148->147 153 88c38f-88c3a0 call 886792 150->153 154 88c3c2-88c3c9 150->154 151->150 161 88c383 call 8847c3 151->161 162 88c3a5-88c3a7 153->162 155 88c3cb-88c3d8 154->155 156 88c416-88c41a 154->156 159 88c3da-88c3df 155->159 160 88c3e1 155->160 163 88c41c-88c448 call 88fb5a call 881f38 call 88fbce 156->163 164 88c44e-88c45c call 88e5f7 156->164 165 88c3e6-88c407 call 881fba call 88fbce 159->165 160->165 161->150 168 88c3a9-88c3b0 162->168 169 88c3b2 162->169 163->161 163->164 165->161 184 88c40d-88c413 165->184 173 88c3b5-88c3c0 call 88fbce 168->173 169->173 173->154 173->161 184->156
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: __strdup$ExtensionFileFindModuleNamePath_strcat_s
                                      • String ID: .CHM$.HLP$.INI
                                      • API String ID: 1153805871-4017452060
                                      • Opcode ID: 9d54ddf859d491bebb129aed26147f0ba9d4df98eeea6006390a790fba21541a
                                      • Instruction ID: 9aa230c386de085480793958516de694ebe0121b2c476deec13e5c78bffa2e62
                                      • Opcode Fuzzy Hash: 9d54ddf859d491bebb129aed26147f0ba9d4df98eeea6006390a790fba21541a
                                      • Instruction Fuzzy Hash: 29415CB19007099BDB21FB79CC45B9AB7ECFF04310F0049AAE555D2641EB74EA85CB61
                                      Function 0088611D Relevance: 16.6, APIs: 11, Instructions: 106memoryCOMMONLIBRARYCODE
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 185 88611d-88613e EnterCriticalSection 186 88614d-886152 185->186 187 886140-886147 185->187 189 88616f-886177 186->189 190 886154-886157 186->190 187->186 188 88620b-88620e 187->188 192 886210-886213 188->192 193 886216-886234 LeaveCriticalSection 188->193 194 886179-88618c call 886067 GlobalAlloc 189->194 195 88618e-8861b2 GlobalHandle GlobalUnlock call 886067 GlobalReAlloc 189->195 191 88615a-88615d 190->191 196 88615f-886165 191->196 197 886167-886169 191->197 192->193 202 8861b8-8861ba 194->202 195->202 196->191 196->197 197->188 197->189 203 8861bc-8861c1 202->203 204 8861df-886208 GlobalLock call 88fae0 202->204 205 8861d1-8861da LeaveCriticalSection call 8847c3 203->205 206 8861c3-8861cb GlobalHandle GlobalLock 203->206 204->188 205->204 206->205
                                      APIs
                                      • EnterCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000,?,00886573,00000004,0088549A,008835CF,008854C3,0088339D,00881D65), ref: 00886130
                                      • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,00000000,00000000,?,00886573,00000004,0088549A,008835CF,008854C3,0088339D,00881D65), ref: 00886186
                                      • GlobalHandle.KERNEL32(?), ref: 0088618F
                                      • GlobalUnlock.KERNEL32(00000000), ref: 00886199
                                      • GlobalReAlloc.KERNEL32(?,00000000,00002002), ref: 008861B2
                                      • GlobalHandle.KERNEL32(?), ref: 008861C4
                                      • GlobalLock.KERNEL32(00000000), ref: 008861CB
                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,00000000,00000000,?,00886573,00000004,0088549A,008835CF,008854C3,0088339D,00881D65), ref: 008861D4
                                      • GlobalLock.KERNEL32(00000000), ref: 008861E0
                                      • _memset.LIBCMT ref: 008861FA
                                      • LeaveCriticalSection.KERNEL32(?), ref: 00886228
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                      • String ID:
                                      • API String ID: 496899490-0
                                      • Opcode ID: e63264ba94904171afc0bb3f9532973ce26d044d070da085bf404f4495b35137
                                      • Instruction ID: 49679f3cee260fc072957304603c951ac43c128cd975c74e9d637c826d80a5d9
                                      • Opcode Fuzzy Hash: e63264ba94904171afc0bb3f9532973ce26d044d070da085bf404f4495b35137
                                      • Instruction Fuzzy Hash: 7C319E75600705AFE721AF68DC89A5ABBF9FF45700B05892AE552D3A52EB30F9118F10
                                      Function 0088BBF2 Relevance: 12.0, APIs: 8, Instructions: 39COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      APIs
                                      • KiUserCallbackDispatcher.NTDLL(0000000B), ref: 0088BC01
                                      • GetSystemMetrics.USER32(0000000C), ref: 0088BC08
                                      • GetSystemMetrics.USER32(00000002), ref: 0088BC0F
                                      • GetSystemMetrics.USER32(00000003), ref: 0088BC19
                                      • GetDC.USER32(00000000), ref: 0088BC23
                                      • GetDeviceCaps.GDI32(00000000,00000058), ref: 0088BC34
                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0088BC3C
                                      • ReleaseDC.USER32(00000000,00000000), ref: 0088BC44
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: MetricsSystem$CapsDevice$CallbackDispatcherReleaseUser
                                      • String ID:
                                      • API String ID: 1031845853-0
                                      • Opcode ID: 43a05a868784b9c71f5d6c472a1f0c54c98608ab2d3987cd90494a05d0685763
                                      • Instruction ID: f8e683820140a8b66ec9dd67674321e49a8c348b2d729b01685d574d270d6253
                                      • Opcode Fuzzy Hash: 43a05a868784b9c71f5d6c472a1f0c54c98608ab2d3987cd90494a05d0685763
                                      • Instruction Fuzzy Hash: 8BF017B1E40718BBEB105B729C8DB167F68FB85762F004526E7159B6C0DAB598118FD0
                                      Function 0088C45D Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44libraryloaderCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      APIs
                                      • SetErrorMode.KERNELBASE(00000000), ref: 0088C46B
                                      • SetErrorMode.KERNELBASE(00000000), ref: 0088C473
                                        • Part of subcall function 00884C2F: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 00884C67
                                        • Part of subcall function 00884C2F: SetLastError.KERNEL32(0000006F), ref: 00884C7E
                                      • GetModuleHandleA.KERNEL32(user32.dll), ref: 0088C4C2
                                      • GetProcAddress.KERNEL32(00000000,NotifyWinEvent), ref: 0088C4D2
                                        • Part of subcall function 0088C2D7: GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 0088C314
                                        • Part of subcall function 0088C2D7: PathFindExtensionA.KERNELBASE(?), ref: 0088C32E
                                        • Part of subcall function 0088C2D7: __strdup.LIBCMT ref: 0088C376
                                        • Part of subcall function 0088C2D7: __strdup.LIBCMT ref: 0088C3B5
                                        • Part of subcall function 0088C2D7: __strdup.LIBCMT ref: 0088C3FC
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: ErrorModule__strdup$FileModeName$AddressExtensionFindHandleLastPathProc
                                      • String ID: NotifyWinEvent$user32.dll
                                      • API String ID: 621541537-597752486
                                      • Opcode ID: 85f7ae2bfb2d83c94620bed83f9a48da81dd0f590f46a32244ad2202c0ade0bc
                                      • Instruction ID: 227b9032cac33064dfae5d3ad09006e81cc1e0c93e20d1675bafbf0777957751
                                      • Opcode Fuzzy Hash: 85f7ae2bfb2d83c94620bed83f9a48da81dd0f590f46a32244ad2202c0ade0bc
                                      • Instruction Fuzzy Hash: 2401DFB0A402185FDB20FF68A809A593B98FF05711F05406AF519C7352DB78C8408FBA
                                      Function 00881310 Relevance: 7.6, APIs: 6, Instructions: 120COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 259 881310-88131e 260 881320-881323 259->260 261 881324-881330 259->261 262 881332-881336 261->262 263 881337-881354 VirtualAlloc 261->263 264 88136e-8813e3 GetProcessHeap HeapAlloc VirtualAlloc * 2 call 892d30 call 881000 263->264 265 881356-881368 VirtualAlloc 263->265 271 8813f0-8813fb call 8811f0 264->271 272 8813e5-8813ed call 881170 264->272 265->264 266 881423-881429 265->266 277 8813fd-88140d call 8810b0 271->277 278 88141e call 8814f0 271->278 272->271 282 88140f-881411 277->282 283 881431-881437 277->283 278->266 282->278 284 881413-881417 282->284 285 88141a-88141c 284->285 285->278 286 88142a 285->286 286->283
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e22ac1208eadabc9c6e13c7cf072684a39781f8f3794302ea239d6d918646ee6
                                      • Instruction ID: 688a77f90b432e49e218d77099c976ce8ee46d2752c9d7a4035b5ea4005b340d
                                      • Opcode Fuzzy Hash: e22ac1208eadabc9c6e13c7cf072684a39781f8f3794302ea239d6d918646ee6
                                      • Instruction Fuzzy Hash: 853192712003006BEB21EF68DC89F6B77ADFF88754F144119FA08D7681EB74E8418B55
                                      Function 008811F0 Relevance: 7.6, APIs: 5, Instructions: 109libraryloaderCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 287 8811f0-881209 288 88120f-881223 IsBadReadPtr 287->288 289 8812f0-8812f6 287->289 290 8812e8-8812ef 288->290 291 881229 288->291 292 881230-881235 291->292 293 88123b-881248 LoadLibraryA 292->293 294 8812f7-881301 292->294 295 88124e-88126a call 88e606 293->295 296 8812e0-8812e7 293->296 295->296 299 88126c-881279 295->299 300 88127b-881283 299->300 301 881285-88128b 299->301 302 88128d-881291 300->302 301->302 303 8812bb-8812d1 IsBadReadPtr 302->303 304 881293 302->304 303->294 307 8812d3-8812db 303->307 305 88129c 304->305 306 881295-88129a 304->306 308 8812a0-8812ac GetProcAddress 305->308 306->308 307->292 308->296 309 8812ae-8812b9 308->309 309->303 309->304
                                      APIs
                                      • IsBadReadPtr.KERNEL32(?,00000014), ref: 0088121B
                                      • LoadLibraryA.KERNELBASE(?,?,00000014), ref: 0088123E
                                      • _realloc.LIBCMT ref: 0088125D
                                        • Part of subcall function 0088E606: _malloc.LIBCMT ref: 0088E61C
                                      • GetProcAddress.KERNEL32(00000000,?), ref: 008812A2
                                      • IsBadReadPtr.KERNEL32(?,00000014), ref: 008812C9
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Read$AddressLibraryLoadProc_malloc_realloc
                                      • String ID:
                                      • API String ID: 3858321205-0
                                      • Opcode ID: bcbfd14dc40586c30336cf91defbfd84d29fe4835554bae29b8440cb6e6d27b1
                                      • Instruction ID: 7392cea1716d43c8d82388a80ab948322618e42e3a8ec6543627cd6abafdce45
                                      • Opcode Fuzzy Hash: bcbfd14dc40586c30336cf91defbfd84d29fe4835554bae29b8440cb6e6d27b1
                                      • Instruction Fuzzy Hash: 5831BEB27002069FEB20DF69DC88A26F3A8FF44365F15062AE815D7651DB31E816CBE4
                                      Function 008865E2 Relevance: 7.5, APIs: 5, Instructions: 36COMMONLIBRARYCODE
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 310 8865e2-8865ed 311 8865ef-886600 call 88642c 310->311 312 886602-886607 310->312 311->312 314 886609-88660a TlsFree 312->314 315 886610-886615 312->315 314->315 316 88662e-88663a DeleteCriticalSection 315->316 317 886617-886628 GlobalHandle GlobalUnlock GlobalFree 315->317 317->316
                                      APIs
                                      • TlsFree.KERNELBASE(?,?,?,00886648), ref: 0088660A
                                      • GlobalHandle.KERNEL32(?), ref: 00886618
                                      • GlobalUnlock.KERNEL32(00000000), ref: 00886621
                                      • GlobalFree.KERNEL32(00000000), ref: 00886628
                                      • DeleteCriticalSection.KERNEL32(?,?,?,00886648), ref: 00886632
                                        • Part of subcall function 0088642C: EnterCriticalSection.KERNEL32(?), ref: 0088648B
                                        • Part of subcall function 0088642C: LeaveCriticalSection.KERNEL32(?), ref: 0088649B
                                        • Part of subcall function 0088642C: LocalFree.KERNEL32(?), ref: 008864A4
                                        • Part of subcall function 0088642C: TlsSetValue.KERNEL32(?,00000000), ref: 008864B6
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: CriticalFreeGlobalSection$DeleteEnterHandleLeaveLocalUnlockValue
                                      • String ID:
                                      • API String ID: 1549993015-0
                                      • Opcode ID: ebb413c3b1649913dd821edb0a30462a429aa8beb0adb41abe11177adc8a3ce7
                                      • Instruction ID: bb3ef1d4e706a5538e03397dabbc953421dd967183728b1780b7c59d56dfae95
                                      • Opcode Fuzzy Hash: ebb413c3b1649913dd821edb0a30462a429aa8beb0adb41abe11177adc8a3ce7
                                      • Instruction Fuzzy Hash: 98F0E2322002005BD721AB7CAC0CEAB37A9FF86760B190518F445D3351EF30EC168B24
                                      Function 008814F0 Relevance: 6.1, APIs: 4, Instructions: 51memoryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 319 8814f0-8814f2 320 8814f8-8814fc 319->320 321 88157a 319->321 322 8814fe-88150b 320->322 323 881516-88151a 320->323 328 88150f 322->328 324 88151c-881522 323->324 325 881555-88155a 323->325 329 881548-881554 call 88e821 324->329 330 881524-88152b 324->330 326 88156a-881574 GetProcessHeap HeapFree 325->326 327 88155c-881564 VirtualFree 325->327 326->321 327->326 328->323 329->325 332 881530-88153a 330->332 333 88153c-88153f FreeLibrary 332->333 334 881541-881545 332->334 333->334 334->332 336 881547 334->336 336->329
                                      APIs
                                      • FreeLibrary.KERNEL32(?,?,00000000,00881423), ref: 0088153F
                                      • VirtualFree.KERNELBASE(?,00000000,00008000,00881423), ref: 00881564
                                      • GetProcessHeap.KERNEL32(00000000,00000000,00881423), ref: 0088156D
                                      • HeapFree.KERNEL32(00000000), ref: 00881574
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Free$Heap$LibraryProcessVirtual
                                      • String ID:
                                      • API String ID: 548792435-0
                                      • Opcode ID: 38b9b22af0a6284195e36c0216c595ea50895faf9fa6ac5576e5543fe49f5659
                                      • Instruction ID: a70ab9c4207816bb091a14d5db05d8737692c950d44345550bbeab4fda41ea27
                                      • Opcode Fuzzy Hash: 38b9b22af0a6284195e36c0216c595ea50895faf9fa6ac5576e5543fe49f5659
                                      • Instruction Fuzzy Hash: 47113971640701ABEB31AF69DC8CB56B3A8FB85711F248918E1ABC7990DB74F842CB50
                                      Function 00884C2F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 337 884c2f-884c6f call 884b33 GetModuleFileNameW 340 884d1d-884d2a call 88e5f7 337->340 341 884c75-884c7a 337->341 343 884c89-884cce call 884ba1 341->343 344 884c7c-884c84 SetLastError 341->344 348 884cec-884cf3 343->348 349 884cd0-884ce1 call 884ba1 343->349 344->340 348->340 351 884cf5-884d06 call 884ba1 348->351 352 884ce6 349->352 354 884d0b-884d14 351->354 352->348 354->340 355 884d16 354->355 355->340
                                      APIs
                                        • Part of subcall function 00884B33: GetModuleHandleA.KERNEL32(KERNEL32,00884C4D), ref: 00884B41
                                        • Part of subcall function 00884B33: GetProcAddress.KERNEL32(00000000,CreateActCtxW), ref: 00884B62
                                        • Part of subcall function 00884B33: GetProcAddress.KERNEL32(ReleaseActCtx), ref: 00884B74
                                        • Part of subcall function 00884B33: GetProcAddress.KERNEL32(ActivateActCtx), ref: 00884B86
                                        • Part of subcall function 00884B33: GetProcAddress.KERNEL32(DeactivateActCtx), ref: 00884B98
                                      • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 00884C67
                                      • SetLastError.KERNEL32(0000006F), ref: 00884C7E
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: AddressProc$Module$ErrorFileHandleLastName
                                      • String ID:
                                      • API String ID: 2524245154-3916222277
                                      • Opcode ID: 77d6d42e3f018be678615ce8fe68ad4856e10992d6bb38c9a328a9401fb561d3
                                      • Instruction ID: f34dfd9b5eb66bd61932f159c1554b76081a6e5320d65d91cde9426b3097e501
                                      • Opcode Fuzzy Hash: 77d6d42e3f018be678615ce8fe68ad4856e10992d6bb38c9a328a9401fb561d3
                                      • Instruction Fuzzy Hash: A82181718012199EDB60EFB4D8497EEB7F8FF04324F10469ED459D2180DBB49A85DF51
                                      Function 0088272D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 356 88272d-88275d GetModuleFileNameA 357 88275f-882761 356->357 358 882792 356->358 357->358 359 882763-88278a PathFindExtensionA call 8824be 357->359 360 882794-8827a0 call 88e5f7 358->360 363 88278f-882790 359->363 363->360
                                      APIs
                                      • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 00882755
                                      • PathFindExtensionA.SHLWAPI(?), ref: 0088276B
                                        • Part of subcall function 008824BE: __EH_prolog3_GS.LIBCMT ref: 008824C8
                                        • Part of subcall function 008824BE: GetModuleHandleA.KERNEL32(kernel32.dll,0000015C,0088278F,?,?), ref: 008824F8
                                        • Part of subcall function 008824BE: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 0088250C
                                        • Part of subcall function 008824BE: ConvertDefaultLocale.KERNELBASE(?), ref: 00882548
                                        • Part of subcall function 008824BE: ConvertDefaultLocale.KERNELBASE(?), ref: 00882556
                                        • Part of subcall function 008824BE: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 00882573
                                        • Part of subcall function 008824BE: ConvertDefaultLocale.KERNEL32(?), ref: 0088259E
                                        • Part of subcall function 008824BE: ConvertDefaultLocale.KERNEL32(000003FF), ref: 008825A7
                                        • Part of subcall function 008824BE: GetModuleFileNameA.KERNEL32(00880000,?,00000105), ref: 0088265C
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: ConvertDefaultLocale$Module$AddressFileNameProc$ExtensionFindH_prolog3_HandlePath
                                      • String ID: %s%s.dll
                                      • API String ID: 1311856149-1649984862
                                      • Opcode ID: e90f4d0be9fa1a55288ec030992d3f8a53e63526ca0fbe9006c395ff80792c97
                                      • Instruction ID: d480c47895c9e849894b2bdaa277451c4ac7fde3cd7c94c39ca6da114095dfa2
                                      • Opcode Fuzzy Hash: e90f4d0be9fa1a55288ec030992d3f8a53e63526ca0fbe9006c395ff80792c97
                                      • Instruction Fuzzy Hash: 6F018171A002189BDB14FB68DD45AEFB7E8FB45700F0400A5E505E7140EA749E048B71
                                      Function 10003FD0 Relevance: 4.6, APIs: 3, Instructions: 97registryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • _memset.LIBCMT ref: 10004047
                                      • RegOpenKeyExA.KERNELBASE(?,?,00000000,00020019,?,10019390,?,?,?,?,?,00000000,Function_00006140,10013FE0,000000FE), ref: 10004066
                                      • RegQueryValueExA.KERNELBASE(?,?,00000000,?,?,?,?,?,?,00000000,Function_00006140,10013FE0,000000FE), ref: 100040B1
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: OpenQueryValue_memset
                                      • String ID:
                                      • API String ID: 4181845570-0
                                      • Opcode ID: d9ddd5fe1c6d4b71ad2c49570aeaaceb52d95c6e63b1a26ff415b29271649183
                                      • Instruction ID: 397a07ba9fdae02477def609a9edf210321e93d1555123181cbf316d359f5299
                                      • Opcode Fuzzy Hash: d9ddd5fe1c6d4b71ad2c49570aeaaceb52d95c6e63b1a26ff415b29271649183
                                      • Instruction Fuzzy Hash: C83164F590024D9FEB20CF94CC40BEE77B8FB48754F108129EB15AB281DB75AA45CB68
                                      Function 00881BBC Relevance: 4.6, APIs: 3, Instructions: 70registryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 365 881bbc-881bec 366 881c7a-881c80 365->366 367 881bf2 365->367 368 881bf3-881c09 RegOpenKeyExA 367->368 369 881c0b-881c0e 368->369 370 881c6e-881c73 368->370 371 881c5c-881c60 369->371 370->368 372 881c79 370->372 373 881c10-881c29 RegQueryValueExA 371->373 374 881c62-881c6b RegCloseKey 371->374 372->366 375 881c2b-881c2f 373->375 376 881c4c-881c59 373->376 374->370 375->376 377 881c31-881c3a 375->377 376->371 378 881c3c-881c42 377->378 379 881c44-881c46 377->379 378->376 379->376
                                      APIs
                                      • RegOpenKeyExA.KERNELBASE(80000001,008A8008,00000000,00000001,?), ref: 00881C01
                                      • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,00000004), ref: 00881C21
                                      • RegCloseKey.ADVAPI32(?), ref: 00881C65
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: CloseOpenQueryValue
                                      • String ID:
                                      • API String ID: 3677997916-0
                                      • Opcode ID: 8980f6dcc50ef47ca48433b699295d57a1f4988f765c527269a95a23ea615b52
                                      • Instruction ID: ef76d88fa79a840d6f35197fada7ed4ccbda9a60d51640581ca598d81287d9cb
                                      • Opcode Fuzzy Hash: 8980f6dcc50ef47ca48433b699295d57a1f4988f765c527269a95a23ea615b52
                                      • Instruction Fuzzy Hash: 37214971D40208EFDF14DF89C888AAEFBB9FF91305F2040AAE446E6210DB715A45CF61
                                      Function 00881000 Relevance: 4.6, APIs: 3, Instructions: 68memoryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 00881052
                                      • _memset.LIBCMT ref: 0088105B
                                      • VirtualAlloc.KERNELBASE(?,?,00001000,00000004), ref: 00881070
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: AllocVirtual$_memset
                                      • String ID:
                                      • API String ID: 1876456587-0
                                      • Opcode ID: b1ea6a682bb7358eeb97c2e43a44d1d4301d74fe06b3b88824dc128b28c5b35b
                                      • Instruction ID: 09b46d1654dce9dde5168b9be4e5b06e78367594f7b04b662b962ab0206f29fd
                                      • Opcode Fuzzy Hash: b1ea6a682bb7358eeb97c2e43a44d1d4301d74fe06b3b88824dc128b28c5b35b
                                      • Instruction Fuzzy Hash: 741147B1604341AFE724DF09CC84F2AB3E9FF88754F15881DF6858B351CA71E8828B61
                                      Function 100227C9 Relevance: 3.1, APIs: 2, Instructions: 85memoryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • VirtualProtect.KERNELBASE(?,00001000,00000004,?,00000000), ref: 10022867
                                      • VirtualProtect.KERNELBASE(?,00001000), ref: 1002287C
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: ProtectVirtual
                                      • String ID:
                                      • API String ID: 544645111-0
                                      • Opcode ID: 4f36cc543f5f45c08a7db0548589c95f45be62c4509670af3a6f550c06d27b7d
                                      • Instruction ID: 44c01dd3d27f53d5454b4e9024d00421f68f2d310bbcfde34b9d0d8a4b0a1b3f
                                      • Opcode Fuzzy Hash: 4f36cc543f5f45c08a7db0548589c95f45be62c4509670af3a6f550c06d27b7d
                                      • Instruction Fuzzy Hash: B4216E72108246BFE321C7B4DC40BB6B7E8EB45394FA10425E899CB282DF60EC17D761
                                      Function 008810B0 Relevance: 3.1, APIs: 2, Instructions: 70memoryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • VirtualFree.KERNEL32(?,?,00004000), ref: 008810FF
                                      • VirtualProtect.KERNELBASE(?,?,?,?), ref: 00881147
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Virtual$FreeProtect
                                      • String ID:
                                      • API String ID: 2581862158-0
                                      • Opcode ID: 64ace54e8cb49935e897486a941fc8fd9e0f33100ccc65df7d8b4e069f182212
                                      • Instruction ID: 0ce91cc8b7fbad48985392c2b3d0d23321a517d99bfd5c1a8b89e3b743442345
                                      • Opcode Fuzzy Hash: 64ace54e8cb49935e897486a941fc8fd9e0f33100ccc65df7d8b4e069f182212
                                      • Instruction Fuzzy Hash: EC21B7756002068BDF18DF45D8CCE76B3AAFB98745F14424CEA06CB655DB30EC52C760
                                      Function 00883996 Relevance: 3.0, APIs: 2, Instructions: 15threadCOMMON
                                      Download Yara Rule
                                      APIs
                                      • GetCurrentThreadId.KERNEL32 ref: 008839A9
                                      • SetWindowsHookExA.USER32(000000FF,Function_000037FE,00000000,00000000), ref: 008839B9
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: CurrentHookThreadWindows
                                      • String ID:
                                      • API String ID: 1904029216-0
                                      • Opcode ID: 38a0200b011e95ecd5b2af30f37fa8e13a6b1943ee42b7cc1b394e640822f8e1
                                      • Instruction ID: 8d54cf990d9147fe494defb68f998df48f3fa42fd0cd4f7ef761c8a62b1792e8
                                      • Opcode Fuzzy Hash: 38a0200b011e95ecd5b2af30f37fa8e13a6b1943ee42b7cc1b394e640822f8e1
                                      • Instruction Fuzzy Hash: 6BD0A7B14043142EEB607774BC09B493E44FB03730F040244F421D15D1D66485414B96
                                      Function 10004279 Relevance: 3.0, APIs: 2, Instructions: 11registryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • RegCloseKey.ADVAPI32(?,10004262,04B08C62), ref: 10004281
                                      • RegCloseKey.ADVAPI32(04B08C62,10004262,04B08C62), ref: 1000428F
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Close
                                      • String ID:
                                      • API String ID: 3535843008-0
                                      • Opcode ID: ac686b4f780081cf1bc9312daa056d8dd8311a71cae3fa77a6afb895c132f166
                                      • Instruction ID: 9b6096f4f338bd6b4fb10cd01a9fdd8d56caf0c49b719ee1d411630276e9a8de
                                      • Opcode Fuzzy Hash: ac686b4f780081cf1bc9312daa056d8dd8311a71cae3fa77a6afb895c132f166
                                      • Instruction Fuzzy Hash: BEC012F0700200ABEF41CF20CC8CE6A37ACBB082C0B028244F808D2000DE34C980CA20
                                      Function 0088F29D Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      • ___crtCorExitProcess.LIBCMT ref: 0088F2A5
                                        • Part of subcall function 0088F272: GetModuleHandleW.KERNEL32(mscoree.dll,?,0088F2AA,?,?,0088EC98,000000FF,0000001E,?,00893643,?,00000001,?,?,00892192,00000018), ref: 0088F27C
                                        • Part of subcall function 0088F272: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0088F28C
                                      • ExitProcess.KERNEL32 ref: 0088F2AE
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: ExitProcess$AddressHandleModuleProc___crt
                                      • String ID:
                                      • API String ID: 2427264223-0
                                      • Opcode ID: c7fd50bf89b969e3c52c532f9ebc4cf842b620627df3202e8b219c066859c63f
                                      • Instruction ID: 88aee18df6f8c9445ccf153d81fd46e19b4cc0450147a7b01d7cf31b6cbc0c3a
                                      • Opcode Fuzzy Hash: c7fd50bf89b969e3c52c532f9ebc4cf842b620627df3202e8b219c066859c63f
                                      • Instruction Fuzzy Hash: 71B09231000508BBDF013F6ADC0AC4A3F6AFB823A0B118020F90849072DF72AD929EA1
                                      Function 00884EE9 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: H_prolog3
                                      • String ID:
                                      • API String ID: 431132790-0
                                      • Opcode ID: 3f4352076a25d99225c1d6359a749e2ea2b472cd38d37827127934bb1f4ef4cf
                                      • Instruction ID: 60bb933a308e75ee3f099f8eaaa096ac03fbe806403b6a56d1cd16ef1adce465
                                      • Opcode Fuzzy Hash: 3f4352076a25d99225c1d6359a749e2ea2b472cd38d37827127934bb1f4ef4cf
                                      • Instruction Fuzzy Hash: B4212C35201B02DFDB19EF69C498A2AB7F5FF89711714565CF662CB6A1CB30E801DB11
                                      Function 00886792 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                      Download Yara Rule
                                      APIs
                                        • Part of subcall function 00882035: FindResourceA.KERNEL32(?,?,00000006), ref: 0088204A
                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,-00000002,?,00000001,?,00000000,00000000,?,?,00000000,?,008847B8,?,?,00000080), ref: 008867DB
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: ByteCharFindMultiResourceWide
                                      • String ID:
                                      • API String ID: 3726879926-0
                                      • Opcode ID: cd719e25e6d908db9b97398bd6c981814eda023997ed666082e3053567035bf6
                                      • Instruction ID: 560b7c0be9e722587541eb6fe65b2f5bed5f8d1efa74e39e0fe6fc4ab2324173
                                      • Opcode Fuzzy Hash: cd719e25e6d908db9b97398bd6c981814eda023997ed666082e3053567035bf6
                                      • Instruction Fuzzy Hash: BBF0BEB31041997FA7207FAA9CC9CBB7B9CFA95768715042AF640CB101E522DC94C3B1
                                      Function 0088651F Relevance: 1.5, APIs: 1, Instructions: 43COMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00886526
                                        • Part of subcall function 008847FB: __CxxThrowException@8.LIBCMT ref: 00884811
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Exception@8H_prolog3Throw
                                      • String ID:
                                      • API String ID: 3670251406-0
                                      • Opcode ID: 64b51a24904f61b19097dbef1a783cc380c17108da03e8c63207bc89852f84e3
                                      • Instruction ID: 2046bae028d6850e496beed9483c35692107080eb293e20e880cc646dc081033
                                      • Opcode Fuzzy Hash: 64b51a24904f61b19097dbef1a783cc380c17108da03e8c63207bc89852f84e3
                                      • Instruction Fuzzy Hash: 79017878600207CBDB25BF68E81A62936A2FF903A0B14153CE595DB291FF30CDA0CB16
                                      Function 00881B2F Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 078bcea8ded7f6e86bb2d86d51d634051be84e21345fa5cbd3e900538714b057
                                      • Instruction ID: fe17375c4a9145bda9b301d5d371a7f1ad7ac983ae0780120b08d24e03ebfaf6
                                      • Opcode Fuzzy Hash: 078bcea8ded7f6e86bb2d86d51d634051be84e21345fa5cbd3e900538714b057
                                      • Instruction Fuzzy Hash: EBE0D83200030597CF206D3898445E573CCFB62370F208326D071C31C0EB309883A754
                                      Function 00885FEF Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                      Download Yara Rule
                                      APIs
                                        • Part of subcall function 0088BA5A: LeaveCriticalSection.KERNEL32(?,?,00885FE5,00000010,00000010,00000008,008854B9,0088545C,008835CF,008854C3,0088339D,00881D65), ref: 0088BA75
                                      • __CxxThrowException@8.LIBCMT ref: 00885FFA
                                        • Part of subcall function 008914AC: RaiseException.KERNEL32(?,?,?,?), ref: 008914EE
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: CriticalExceptionException@8LeaveRaiseSectionThrow
                                      • String ID:
                                      • API String ID: 2386790472-0
                                      • Opcode ID: 09d1e922a7b403ebcc388d7e659541ec0f8879849bd1a604db80c9550a031faa
                                      • Instruction ID: 041c6a8614bbfc82695fcdb7b789e970f6091fc90f9e49dfe1a86068eb830f4a
                                      • Opcode Fuzzy Hash: 09d1e922a7b403ebcc388d7e659541ec0f8879849bd1a604db80c9550a031faa
                                      • Instruction Fuzzy Hash: 64E0C974B40209AFDB50EFA9D945F4977E5FF49708F240098A604EB391DAB1EE00DB15
                                      Function 008819BA Relevance: 1.5, APIs: 1, Instructions: 23COMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      • _malloc.LIBCMT ref: 008819D8
                                        • Part of subcall function 0088EC5F: __FF_MSGBANNER.LIBCMT ref: 0088EC82
                                        • Part of subcall function 0088EC5F: __NMSG_WRITE.LIBCMT ref: 0088EC89
                                        • Part of subcall function 0088EC5F: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00893643,?,00000001,?,?,00892192,00000018,008A5958,0000000C,00892223), ref: 0088ECD6
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: AllocateHeap_malloc
                                      • String ID:
                                      • API String ID: 501242067-0
                                      • Opcode ID: f8071fbb4b19d4578e3e53b6421e539ebaacaf6914b93e802ecd2c5b692b8aa3
                                      • Instruction ID: 12b0358561f93997382e3dca2617855d55965e0dbb104dac38ba253816ae42dd
                                      • Opcode Fuzzy Hash: f8071fbb4b19d4578e3e53b6421e539ebaacaf6914b93e802ecd2c5b692b8aa3
                                      • Instruction Fuzzy Hash: 4ED05E3270552A676F217ADAEC25AAA7F9EFB427B83540032F848DB551DF61CC1293D0
                                      Function 0089223B Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 00892250
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: CreateHeap
                                      • String ID:
                                      • API String ID: 10892065-0
                                      • Opcode ID: 2c25939c5743726b4faa1e070c6b9d065ff1aca794f84e964b26598b2393a16b
                                      • Instruction ID: f46a589c0396232775428efe4856d75381b5acd481e0c9fc9481192b6036feb2
                                      • Opcode Fuzzy Hash: 2c25939c5743726b4faa1e070c6b9d065ff1aca794f84e964b26598b2393a16b
                                      • Instruction Fuzzy Hash: C8D0A732554309AEEB505FB57C48B263BDCF785795F144436F91CC6150F770D580CA00
                                      Function 0088226C Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                      Download Yara Rule
                                      APIs
                                      • InterlockedExchange.KERNEL32(008B9FC0,?), ref: 00882295
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: ExchangeInterlocked
                                      • String ID:
                                      • API String ID: 367298776-0
                                      • Opcode ID: 4191c7845f8ebd06adfbf3aa3c8a7c9994b3a69e38abca40796b92612dacc16d
                                      • Instruction ID: d51c050b073968a02ad6c89f697b70309f5eaaf230eb88406003c7abe00a830e
                                      • Opcode Fuzzy Hash: 4191c7845f8ebd06adfbf3aa3c8a7c9994b3a69e38abca40796b92612dacc16d
                                      • Instruction Fuzzy Hash: 8CE0EC75610A519FDB21BB78D80896AB7E5FF4D3117054869F5A6C3320DB31D801CB51
                                      Function 10007865 Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • HeapCreate.KERNELBASE(00000000,00001000,00000000,?,100064D0,?), ref: 1000787A
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: CreateHeap
                                      • String ID:
                                      • API String ID: 10892065-0
                                      • Opcode ID: 15797bc0560bab309fbf6160860b827dd196f2af05f21e5587b21aaa6777ae17
                                      • Instruction ID: 3aeffb3154521fcd94c92435170d3f6785a63df5b8b874c5385d83aa7aee7d7f
                                      • Opcode Fuzzy Hash: 15797bc0560bab309fbf6160860b827dd196f2af05f21e5587b21aaa6777ae17
                                      • Instruction Fuzzy Hash: B9D05E729947596AF7009F715C88B223BDDE385695F10C436F91CC6160EA78D590C600
                                      Function 0088665D Relevance: 1.5, APIs: 1, Instructions: 11COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: ctype
                                      • String ID:
                                      • API String ID: 3039457973-0
                                      • Opcode ID: d1ca52e0ae23d2e1f73f2c455c744adc4c952a9cb329e6b6d48d8d87d925d3e8
                                      • Instruction ID: 55e5b6e4d263ab6e7a005a8bc54d7798247f9b2ec099d2af2d5796a5aba3c464
                                      • Opcode Fuzzy Hash: d1ca52e0ae23d2e1f73f2c455c744adc4c952a9cb329e6b6d48d8d87d925d3e8
                                      • Instruction Fuzzy Hash: 90D08C34A1C3C60BEB75FB60A99DBB83751FBF072AF49117CC104D5992FA904824C309
                                      Function 0088F4B9 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                      Download Yara Rule
                                      APIs
                                      • _doexit.LIBCMT ref: 0088F4C5
                                        • Part of subcall function 0088F38D: __lock.LIBCMT ref: 0088F39B
                                        • Part of subcall function 0088F38D: __decode_pointer.LIBCMT ref: 0088F3D2
                                        • Part of subcall function 0088F38D: __decode_pointer.LIBCMT ref: 0088F3E7
                                        • Part of subcall function 0088F38D: __decode_pointer.LIBCMT ref: 0088F411
                                        • Part of subcall function 0088F38D: __decode_pointer.LIBCMT ref: 0088F427
                                        • Part of subcall function 0088F38D: __decode_pointer.LIBCMT ref: 0088F434
                                        • Part of subcall function 0088F38D: __initterm.LIBCMT ref: 0088F463
                                        • Part of subcall function 0088F38D: __initterm.LIBCMT ref: 0088F473
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: __decode_pointer$__initterm$__lock_doexit
                                      • String ID:
                                      • API String ID: 1597249276-0
                                      • Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                      • Instruction ID: b8716ddc2b2c316f7e6a6179a100fa0205f6599af82a13803ab8f5ebe57424bd
                                      • Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                      • Instruction Fuzzy Hash: 90B0923258020833DA202946AC03F463A4997C0B64F240060BA0C196A2A9A2B961828A

                                      Non-executed Functions

                                      Function 10001C50 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON
                                      Download Yara Rule
                                      APIs
                                      • LoadLibraryW.KERNEL32(ntdll.dll), ref: 10001C59
                                      • GetProcAddress.KERNEL32(00000000,RtlGetNtVersionNumbers), ref: 10001C6B
                                      • FreeLibrary.KERNEL32(00000000), ref: 10001C90
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Library$AddressFreeLoadProc
                                      • String ID: RtlGetNtVersionNumbers$ntdll.dll
                                      • API String ID: 145871493-1263206204
                                      • Opcode ID: d711c6c5dd4a533c05bbbdab4e56c6e5b105c0ec9fb16935a3507c9fc672f45f
                                      • Instruction ID: 17b88f237ca996e660be609f40ce52b3cc88face2464b5a3678f627ee7a31a04
                                      • Opcode Fuzzy Hash: d711c6c5dd4a533c05bbbdab4e56c6e5b105c0ec9fb16935a3507c9fc672f45f
                                      • Instruction Fuzzy Hash: 9FE065BA2042216BA266DF218C48D9F77A6EFC87517028618F50497200DB30D825C7B2
                                      Function 0088E5F7 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      • IsDebuggerPresent.KERNEL32 ref: 0089200A
                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0089201F
                                      • UnhandledExceptionFilter.KERNEL32(008A1E0C), ref: 0089202A
                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 00892046
                                      • TerminateProcess.KERNEL32(00000000), ref: 0089204D
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                      • String ID:
                                      • API String ID: 2579439406-0
                                      • Opcode ID: b376674c3e8718871de735e3c8325c4d7b6577536d43f0446477d743f27d3333
                                      • Instruction ID: 4880386dab1e9714c233b3ba3451ea215f01c3a440a27d2ae9a8689939177a62
                                      • Opcode Fuzzy Hash: b376674c3e8718871de735e3c8325c4d7b6577536d43f0446477d743f27d3333
                                      • Instruction Fuzzy Hash: 7021C2B4841304DFDB51DF69E849A843BA4FB2A310F104259EA89C7761EB746980CF15
                                      Function 100053BA Relevance: 7.6, APIs: 5, Instructions: 58COMMON
                                      Download Yara Rule
                                      APIs
                                      • IsDebuggerPresent.KERNEL32 ref: 1000929F
                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 100092B4
                                      • UnhandledExceptionFilter.KERNEL32(10012A1C), ref: 100092BF
                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 100092DB
                                      • TerminateProcess.KERNEL32(00000000), ref: 100092E2
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                      • String ID:
                                      • API String ID: 2579439406-0
                                      • Opcode ID: 654fb14176351c92df5f980e551cd3ec5e19a6eab80db1a1405c862da9a16c67
                                      • Instruction ID: f14a19304f85b464b4b24906b0d8449a62d233daf6140d222a12ff5b46b69054
                                      • Opcode Fuzzy Hash: 654fb14176351c92df5f980e551cd3ec5e19a6eab80db1a1405c862da9a16c67
                                      • Instruction Fuzzy Hash: 74219EF58002249FE702DFA5C885A587BE4FB1A361F51812EE90886265E7B4D9C28F55
                                      Function 10002840 Relevance: 6.1, APIs: 4, Instructions: 53memoryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • FreeLibrary.KERNEL32(?,?,00000000,00000000,100029E4,00000000), ref: 1000288F
                                      • VirtualFree.KERNEL32(C0335B5E,00000000,00008000,00000000,100029E4,00000000), ref: 100028B4
                                      • GetProcessHeap.KERNEL32(00000000,100029E4,00000000,100029E4,00000000), ref: 100028BD
                                      • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,10003F45,?,?,00000040), ref: 100028C4
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Free$Heap$LibraryProcessVirtual
                                      • String ID:
                                      • API String ID: 548792435-0
                                      • Opcode ID: f59e60f9d6702d7f205f497bedf8067c0113e58a33076b6d2dd0c98a1b8e1350
                                      • Instruction ID: 61ca10426f2a71f51bacbd4b21daea2ef8cb34e6618af752df998f47c263c0f3
                                      • Opcode Fuzzy Hash: f59e60f9d6702d7f205f497bedf8067c0113e58a33076b6d2dd0c98a1b8e1350
                                      • Instruction Fuzzy Hash: 51117975601B119BE320CF65CC84F53B3E9FB88791F10CA28E59A97294CB74F881CB60
                                      Function 008891F1 Relevance: 6.0, APIs: 4, Instructions: 42keyboardwindowCOMMON
                                      Download Yara Rule
                                      APIs
                                        • Part of subcall function 0088BA8D: GetWindowLongA.USER32(?,000000F0), ref: 0088BA98
                                      • GetKeyState.USER32(00000010), ref: 00889217
                                      • GetKeyState.USER32(00000011), ref: 00889220
                                      • GetKeyState.USER32(00000012), ref: 00889229
                                      • SendMessageA.USER32(?,00000111,0000E146,00000000), ref: 0088923F
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: State$LongMessageSendWindow
                                      • String ID:
                                      • API String ID: 1063413437-0
                                      • Opcode ID: bc073b0ea00c2ef1a5f35a3d55d9c4590caaa70795f5c3133efe17c08d77d389
                                      • Instruction ID: 211d6f966194eb7e1deecbb1721acb61b939a619c209924230adc8547607aae3
                                      • Opcode Fuzzy Hash: bc073b0ea00c2ef1a5f35a3d55d9c4590caaa70795f5c3133efe17c08d77d389
                                      • Instruction Fuzzy Hash: 18F0E9367C039A76EE2436789C05FB56815FF96BD5F080475F692EA1D1CFA0D8024771
                                      Function 00886B5A Relevance: 4.5, APIs: 3, Instructions: 38COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7abfc0ba7b4c883cf83c520ebc2d357db9f629c5722b2614fe763032bd397dc1
                                      • Instruction ID: 2923c657b7255f3bad19527973a2a95de28976ed2a5aa556e31d453cb6108d25
                                      • Opcode Fuzzy Hash: 7abfc0ba7b4c883cf83c520ebc2d357db9f629c5722b2614fe763032bd397dc1
                                      • Instruction Fuzzy Hash: 7EF0EC3160410DABDF027F65DD49EAE3F69FB00368F548424F916E5060FB30DA65EB51
                                      Function 10004960 Relevance: 4.5, APIs: 3, Instructions: 38networkCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: recvselect
                                      • String ID:
                                      • API String ID: 741273618-0
                                      • Opcode ID: 1c47b4aea8ce01801d1e31e8b6946b46d948b6999eb620356d05c34384fcb141
                                      • Instruction ID: 0337ab474e6ceb0ddde879d859f2270736b801bd25fe8cc7b4f63dfc035d973a
                                      • Opcode Fuzzy Hash: 1c47b4aea8ce01801d1e31e8b6946b46d948b6999eb620356d05c34384fcb141
                                      • Instruction Fuzzy Hash: 74016DB1104315AFF310CF14C946BEB77E8EB89744F00891DF98882280E7B4A919CBE7
                                      Function 10001CA0 Relevance: 3.0, APIs: 2, Instructions: 37COMMON
                                      Download Yara Rule
                                      APIs
                                      • _memset.LIBCMT ref: 10001CB4
                                      • GetVersionExA.KERNEL32(?), ref: 10001CC3
                                        • Part of subcall function 10001C50: LoadLibraryW.KERNEL32(ntdll.dll), ref: 10001C59
                                        • Part of subcall function 10001C50: GetProcAddress.KERNEL32(00000000,RtlGetNtVersionNumbers), ref: 10001C6B
                                        • Part of subcall function 10001C50: FreeLibrary.KERNEL32(00000000), ref: 10001C90
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Library$AddressFreeLoadProcVersion_memset
                                      • String ID:
                                      • API String ID: 2727220453-0
                                      • Opcode ID: 07caf2bc99cf999e3c917da996afbf08a64f0805bac80e91897df748069924a9
                                      • Instruction ID: 360d7321dabfcd0c9c216a73ad80702e05c655a7ce6568ab0cad9d29fd4f8aab
                                      • Opcode Fuzzy Hash: 07caf2bc99cf999e3c917da996afbf08a64f0805bac80e91897df748069924a9
                                      • Instruction Fuzzy Hash: 85F04F766003019BE314DF54E845D97B7EAEB88751F14882EF59A93241E670E408CB72
                                      Function 10001D30 Relevance: 3.0, APIs: 2, Instructions: 14sleepCOMMON
                                      Download Yara Rule
                                      APIs
                                      • Sleep.KERNEL32 ref: 10001D51
                                      • StartServiceCtrlDispatcherA.ADVAPI32(00000000), ref: 10001D5B
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: CtrlDispatcherServiceSleepStart
                                      • String ID:
                                      • API String ID: 1965773958-0
                                      • Opcode ID: 3a686218230e396f5769b4c60c2e5ad7b8e8e49d55a2721c6f62dfdb12b397bc
                                      • Instruction ID: c3c0789fb0aa49905dc1f89e3ebe7c304fb585c9465a02eb9bc80c4364c7ecb5
                                      • Opcode Fuzzy Hash: 3a686218230e396f5769b4c60c2e5ad7b8e8e49d55a2721c6f62dfdb12b397bc
                                      • Instruction Fuzzy Hash: FCD0E2B08483429BEB40EF68884955A7AE0FB84301F808D2DE4A9C2222E378C1298B42
                                      Function 0088AA49 Relevance: 2.0, APIs: 1, Instructions: 452COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: H_prolog3
                                      • String ID:
                                      • API String ID: 431132790-0
                                      • Opcode ID: 1ed5301d509b52a5625e502ea5c05550381072f5411c91ebd9de019eb28b8c94
                                      • Instruction ID: d40d048c2b1659aca0fc0f74770b0c9b768d52e8ffdb5d0a086e1a9dfe43a12e
                                      • Opcode Fuzzy Hash: 1ed5301d509b52a5625e502ea5c05550381072f5411c91ebd9de019eb28b8c94
                                      • Instruction Fuzzy Hash: 97F13A70504219EFEB18EF58C880ABE7BAAFF04314F50851AF916DB292DB35D911DB62
                                      Function 00893AAA Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                      Download Yara Rule
                                      APIs
                                      • SetUnhandledExceptionFilter.KERNEL32(Function_00013A68), ref: 00893AAF
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: ExceptionFilterUnhandled
                                      • String ID:
                                      • API String ID: 3192549508-0
                                      • Opcode ID: 403ac884d1d5ac31e8e2d4c84cecc7f66313c020b900fd4297ddb65e8cf01d34
                                      • Instruction ID: d47a53266a93f450b368406ca77f93311abbd2ee437f179449041e9cdc1d75ef
                                      • Opcode Fuzzy Hash: 403ac884d1d5ac31e8e2d4c84cecc7f66313c020b900fd4297ddb65e8cf01d34
                                      • Instruction Fuzzy Hash: FE900260655A50569A0027785C0D60525E9BA8A71EB4544507051C4554DA9447009E13
                                      Function 10002B00 Relevance: .6, Instructions: 584COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: dd16d0837e3175c8f4e9a4631b36355c66603bdb0b2986eb9f4cc6b256079d2b
                                      • Instruction ID: ab3db4970914f6caa84826317c03ee31de92541c5c01d244be012ba6039e3bbf
                                      • Opcode Fuzzy Hash: dd16d0837e3175c8f4e9a4631b36355c66603bdb0b2986eb9f4cc6b256079d2b
                                      • Instruction Fuzzy Hash: C512C4BBB983194FDB48CEE5DCC169573E1FB98304F09A43C9A55C7306F6E8AA094790
                                      Function 00890CF8 Relevance: .4, Instructions: 384COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                      • Instruction ID: 9fb258cee978e671336042118db2ab1e263d78908c63b64d29524c37591a4b40
                                      • Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                      • Instruction Fuzzy Hash: C9D16C73D0E9F30A8B35912D446823AEA62BFD1B4132EC7E1DCD47F38A96675D40A9D0
                                      Function 008908D8 Relevance: .4, Instructions: 378COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                      • Instruction ID: 2cdf8391e66453a43eb5c13ce85e70a10bac1c6aad09f21a870144bacc6e528e
                                      • Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                      • Instruction Fuzzy Hash: 2BD17E73C0EAB30E8B35912D446826AEEA2BFD175531EC3E19CE47F38AD1275D4099D0
                                      Function 008904CC Relevance: .4, Instructions: 361COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                      • Instruction ID: dd611b5c32013a3ef84b4408059043e63c2efcf2e8e9ee91212606be6e1da6b8
                                      • Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                      • Instruction Fuzzy Hash: 14C18E73D0E9B30E8B36912D446867AEA62BFD175031FC3E19CD47F38A92675D40AAD0
                                      Function 008900F8 Relevance: .4, Instructions: 351COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                      • Instruction ID: 4f44b75272a9224bb3d3328faa9b98aa47e070b065da8c2446c73c0b9ee4e919
                                      • Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                      • Instruction Fuzzy Hash: E7C18073D0E9B30E8B36912D456827AEE62BFD174431EC3E19CE46F38AD2275D44A9D0
                                      Function 10004400 Relevance: 43.8, APIs: 3, Strings: 22, Instructions: 90COMMON
                                      Download Yara Rule
                                      APIs
                                      • _memset.LIBCMT ref: 1000443A
                                      • _memset.LIBCMT ref: 1000444B
                                      • wsprintfA.USER32 ref: 1000450E
                                        • Part of subcall function 10003FD0: _memset.LIBCMT ref: 10004047
                                        • Part of subcall function 10003FD0: RegOpenKeyExA.KERNELBASE(?,?,00000000,00020019,?,10019390,?,?,?,?,?,00000000,Function_00006140,10013FE0,000000FE), ref: 10004066
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: _memset$Openwsprintf
                                      • String ID: %$C$C$E$M$T$Y$\$\$\$c$i$l$n$n$o$o$t$t$t$u$v
                                      • API String ID: 2563797908-2259266472
                                      • Opcode ID: adb3be5b4f37fc057afd18636047961455c28565628c32ca6af17fa1ab4919a4
                                      • Instruction ID: 86c0efe4c7f522963cac631f70758111c67d48b8954de0a18f7ff0608c6add87
                                      • Opcode Fuzzy Hash: adb3be5b4f37fc057afd18636047961455c28565628c32ca6af17fa1ab4919a4
                                      • Instruction Fuzzy Hash: 6441EA6110D3C0DDE362C6689885B9FBFE55BE7644F48588DF2C40B282C6FA9548C777
                                      Function 10003D30 Relevance: 42.2, APIs: 17, Strings: 7, Instructions: 164stringCOMMON
                                      Download Yara Rule
                                      APIs
                                        • Part of subcall function 10001690: CreateEventA.KERNEL32(00000000,00000000,00000000), ref: 1000169E
                                        • Part of subcall function 10001690: GetLastError.KERNEL32 ref: 100016AA
                                        • Part of subcall function 10001690: CloseHandle.KERNEL32(00000000), ref: 100016C4
                                      • lstrlen.KERNEL32(T2410122238-0F8BFBFF000806F8), ref: 10003D82
                                      • lstrlen.KERNEL32(K230715080808P01234567), ref: 10003D8D
                                      • _memset.LIBCMT ref: 10003DB3
                                      • lstrlen.KERNEL32(T2410122238-0F8BFBFF000806F8), ref: 10003DC0
                                      • lstrlen.KERNEL32(T2410122238-0F8BFBFF000806F8), ref: 10003DE1
                                      • _memset.LIBCMT ref: 10003E27
                                      • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 10003E3A
                                      • _memset.LIBCMT ref: 10003E4E
                                      • _strrchr.LIBCMT ref: 10003E5A
                                      • lstrlen.KERNEL32(00000001), ref: 10003E66
                                      • lstrlen.KERNEL32(00000001), ref: 10003E90
                                      • PathRemoveFileSpecA.SHLWAPI(?), ref: 10003E9B
                                        • Part of subcall function 100034C0: OpenProcess.KERNEL32(00000040,00000000,00000000,?,100193F8,00000000,100193F8,10003D77,C:\Windows\SystemNvwmiShell\NvwmiShell.exe), ref: 100034DB
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: lstrlen$_memset$File$CloseCreateErrorEventHandleLastModuleNameOpenPathProcessRemoveSpec_strrchr
                                      • String ID: .$C:\Windows\SystemNvwmiShell\NvwmiShell.exe$K230715080808P01234567$T2410122238-0F8BFBFF000806F8$\$\$d
                                      • API String ID: 2330158667-3616349848
                                      • Opcode ID: 1bf932c77ce2cdef0302630ebebd45fa1d73652634778ed7e2123af945d6a7ce
                                      • Instruction ID: ca23d12d9f6e500521e3c6517e95297770f1958da5c4c01a7c7bc343bf0d7a5a
                                      • Opcode Fuzzy Hash: 1bf932c77ce2cdef0302630ebebd45fa1d73652634778ed7e2123af945d6a7ce
                                      • Instruction Fuzzy Hash: 7851F971108341AFE311DBA4CC85FAB7BE8EF99284F04851DF69857242D770E688C7A6
                                      Function 100017C0 Relevance: 36.8, APIs: 4, Strings: 17, Instructions: 62libraryloaderCOMMON
                                      Download Yara Rule
                                      APIs
                                      • LoadLibraryA.KERNEL32 ref: 1000186B
                                      • GetProcAddress.KERNEL32(00000000), ref: 10001872
                                      • GetCurrentProcess.KERNEL32 ref: 10001885
                                      • IsWow64Process.KERNEL32(00000000), ref: 1000188C
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Process$AddressCurrentLibraryLoadProcWow64
                                      • String ID: .$2$3$4$6$I$K$L$N$P$R$W$c$d$e$r$w
                                      • API String ID: 4035193891-3529685913
                                      • Opcode ID: 10d9e8f6925ff5a1af6f0d48fce6c68cb2f32344a34a7f8091a55976ae343cac
                                      • Instruction ID: 702da095a0edb4efcb78b19583d3893ca75c456b827562c0f4978adbde2b3090
                                      • Opcode Fuzzy Hash: 10d9e8f6925ff5a1af6f0d48fce6c68cb2f32344a34a7f8091a55976ae343cac
                                      • Instruction Fuzzy Hash: 5121CB6100D3C1DEE302DB68844874BBFE55BAA648F088A8DF0C95B282D6B9C71CC777
                                      Function 0088A63F Relevance: 33.4, APIs: 16, Strings: 3, Instructions: 179COMMON
                                      Download Yara Rule
                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 0088A649
                                        • Part of subcall function 0088651F: __EH_prolog3.LIBCMT ref: 00886526
                                      • CallNextHookEx.USER32(?,?,?,?), ref: 0088A68D
                                        • Part of subcall function 008847FB: __CxxThrowException@8.LIBCMT ref: 00884811
                                      • GetClassLongA.USER32(?,000000E6), ref: 0088A6D1
                                      • GlobalGetAtomNameA.KERNEL32(?,?,?,?,?,?,00000005), ref: 0088A6FB
                                      • SetWindowLongA.USER32(?,000000FC,Function_0000951E), ref: 0088A750
                                      • _memset.LIBCMT ref: 0088A79A
                                      • GetClassLongA.USER32(?,000000E0), ref: 0088A7CA
                                      • GetClassNameA.USER32(?,?,00000100), ref: 0088A7EB
                                      • GetWindowLongA.USER32(?,000000FC), ref: 0088A80F
                                      • GetPropA.USER32(?,AfxOldWndProc423), ref: 0088A829
                                      • SetPropA.USER32(?,AfxOldWndProc423,?), ref: 0088A834
                                      • GetPropA.USER32(?,AfxOldWndProc423), ref: 0088A83C
                                      • GlobalAddAtomA.KERNEL32(AfxOldWndProc423), ref: 0088A844
                                      • SetWindowLongA.USER32(?,000000FC,Function_0000A4F2), ref: 0088A852
                                      • CallNextHookEx.USER32(?,00000003,?,?), ref: 0088A86A
                                      • UnhookWindowsHookEx.USER32(?), ref: 0088A87E
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Long$ClassHookPropWindow$AtomCallGlobalNameNext$Exception@8H_prolog3H_prolog3_ThrowUnhookWindows_memset
                                      • String ID: #32768$AfxOldWndProc423$ime
                                      • API String ID: 867647115-4034971020
                                      • Opcode ID: 2445360893ffd0213ae1e7927c3e1183a81ede697f41d3d7b642fe9a5df47e2c
                                      • Instruction ID: 23a78f2f65ab5a8b24dabbc43bd26efe5f482289a7df35c19144d2381dd76ee7
                                      • Opcode Fuzzy Hash: 2445360893ffd0213ae1e7927c3e1183a81ede697f41d3d7b642fe9a5df47e2c
                                      • Instruction Fuzzy Hash: 6D61D13180021AABEB25BB64CC49BAE7BB8FF05321F100166F655E25D1DB34CD81DFA2
                                      Function 100014C0 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 152stringCOMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: lstrlen$_sprintf
                                      • String ID: Global\%s
                                      • API String ID: 1646862159-1921477690
                                      • Opcode ID: 1c449f34d9e6914fdf01324ea40385997640dc46db10c9877e91c0418cabb1e7
                                      • Instruction ID: 0e3358286bf1c73d62acb18ad4d628da7ec24e660d7c29ea413a6a58d1b58574
                                      • Opcode Fuzzy Hash: 1c449f34d9e6914fdf01324ea40385997640dc46db10c9877e91c0418cabb1e7
                                      • Instruction Fuzzy Hash: 9C51C3B29042056FD310EF64CC81DABB7EDEFC8348F04491EF54997106DA75E605CBA2
                                      Function 100035E0 Relevance: 30.2, APIs: 20, Instructions: 214stringfilesleepCOMMON
                                      Download Yara Rule
                                      APIs
                                      • _malloc.LIBCMT ref: 10003622
                                        • Part of subcall function 1000523F: __FF_MSGBANNER.LIBCMT ref: 10005262
                                        • Part of subcall function 1000523F: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001), ref: 100052B6
                                        • Part of subcall function 10001350: lstrlen.KERNEL32 ref: 100013A3
                                      • _memset.LIBCMT ref: 10003656
                                      • lstrlen.KERNEL32(00000000), ref: 1000366F
                                      • lstrlen.KERNEL32(00000001), ref: 10003676
                                      • lstrlen.KERNEL32(?), ref: 10003681
                                      • lstrlen.KERNEL32(?), ref: 10003690
                                      • lstrlen.KERNEL32(?), ref: 1000369F
                                        • Part of subcall function 10003310: wsprintfA.USER32 ref: 1000339C
                                        • Part of subcall function 10003310: wsprintfA.USER32 ref: 100033E4
                                      • _malloc.LIBCMT ref: 10003715
                                      • _memset.LIBCMT ref: 10003724
                                      • _memset.LIBCMT ref: 10003731
                                      • _memset.LIBCMT ref: 1000373E
                                      • _memset.LIBCMT ref: 10003751
                                      • lstrlen.KERNEL32(00000001), ref: 1000375A
                                      • lstrlen.KERNEL32(?), ref: 1000376C
                                      • lstrlen.KERNEL32(?), ref: 10003781
                                      • DeleteFileA.KERNEL32(?,00000000), ref: 100037C4
                                      • Sleep.KERNEL32(000000C8), ref: 100037CF
                                      • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 100037E5
                                      • WriteFile.KERNEL32 ref: 1000380A
                                      • CloseHandle.KERNEL32(00000000), ref: 10003811
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: lstrlen$_memset$File$_mallocwsprintf$AllocateCloseCreateDeleteHandleHeapSleepWrite
                                      • String ID:
                                      • API String ID: 1465790191-0
                                      • Opcode ID: d2f87e1ab22fe96f96345a49dda9cc71e6b4e657ab06946fb1e5cb0ea88aeb21
                                      • Instruction ID: 527a364bbca301f577077738ad255cdf674a1d0a573911f68b4a685805fc0f6c
                                      • Opcode Fuzzy Hash: d2f87e1ab22fe96f96345a49dda9cc71e6b4e657ab06946fb1e5cb0ea88aeb21
                                      • Instruction Fuzzy Hash: 74719EB5504344AFE320EF64CC85F5BB7EDEF88684F408A1CF58597246DA75FA088B62
                                      Function 00886A12 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 78libraryloaderCOMMON
                                      Download Yara Rule
                                      APIs
                                      • GetModuleHandleA.KERNEL32(USER32,00000000,00000000,75C04A40,00886B67,?,?,?,?,?,?,?,008889C9,00000000,00000002,00000028), ref: 00886A3D
                                      • GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 00886A59
                                      • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 00886A6A
                                      • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 00886A7B
                                      • GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 00886A8C
                                      • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 00886A9D
                                      • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 00886AAE
                                      • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA), ref: 00886ABF
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: AddressProc$HandleModule
                                      • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                      • API String ID: 667068680-68207542
                                      • Opcode ID: a1b448af80e342c839807d8b5d1264b540305bba9d14b413f065c524a63d359c
                                      • Instruction ID: 0c7e7ff8ad400cdc5429207056d79345cd8d38a2a87dacf6780bd1d253ec9f52
                                      • Opcode Fuzzy Hash: a1b448af80e342c839807d8b5d1264b540305bba9d14b413f065c524a63d359c
                                      • Instruction Fuzzy Hash: 1D214FB1954272AF8720BF786CC986A3BE9F24A7003148A7FD251F26A1E7790445AF51
                                      Function 008888D9 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 175windowCOMMON
                                      Download Yara Rule
                                      APIs
                                        • Part of subcall function 0088BA8D: GetWindowLongA.USER32(?,000000F0), ref: 0088BA98
                                      • GetParent.USER32(?), ref: 00888908
                                      • SendMessageA.USER32(00000000,0000036B,00000000,00000000), ref: 0088892B
                                      • GetWindowRect.USER32(?,?), ref: 00888945
                                      • GetWindowLongA.USER32(00000000,000000F0), ref: 0088895B
                                      • CopyRect.USER32(?,?), ref: 008889A8
                                      • CopyRect.USER32(?,?), ref: 008889B2
                                      • GetWindowRect.USER32(00000000,?), ref: 008889BB
                                      • CopyRect.USER32(?,?), ref: 008889D7
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Rect$Window$Copy$Long$MessageParentSend
                                      • String ID: (
                                      • API String ID: 808654186-3887548279
                                      • Opcode ID: 3c94a82e3d2450fd9ad6df87dfea1a529c00956c7c2ef8231af2950f29490da2
                                      • Instruction ID: 6839759c11d4cf427db6b8fd3bf5a1cff934818ca7fbc498a4aed639a8293749
                                      • Opcode Fuzzy Hash: 3c94a82e3d2450fd9ad6df87dfea1a529c00956c7c2ef8231af2950f29490da2
                                      • Instruction Fuzzy Hash: 51513D72900219EBDB15EBA8CC89EEEBBB9FF48314F554115F905F7290EB30A9418B61
                                      Function 10002290 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 161filesleepCOMMON
                                      Download Yara Rule
                                      APIs
                                      • DeleteFileA.KERNEL32(?,?,?,?,?,00000000), ref: 100022A4
                                      • Sleep.KERNEL32(000001F4,?,?,?,?,00000000), ref: 100022AF
                                      • CreateFileA.KERNEL32(?,80000000,00000000,00000000,00000003,00000080,00000000,?,?,?,?,00000000), ref: 100022CC
                                      • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,?,00000000), ref: 100022E8
                                      • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000), ref: 10002308
                                      • CloseHandle.KERNEL32(00000000), ref: 1000230F
                                      • CreateFileA.KERNEL32 ref: 10002393
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: File$Create$CloseDeleteHandleReadSizeSleep
                                      • String ID: m
                                      • API String ID: 1146365786-2771054989
                                      • Opcode ID: 929c178294106a363233bb4f4d782717d10050edf4adc5d20d1cdf64f0b6b01a
                                      • Instruction ID: 048fd775433e3bb0f5106af364adc211d506ff6b6e098e165c594137fc544903
                                      • Opcode Fuzzy Hash: 929c178294106a363233bb4f4d782717d10050edf4adc5d20d1cdf64f0b6b01a
                                      • Instruction Fuzzy Hash: 5F41D672500320AFE210DB64DC85F9B77E8EB8D751F004629FA05A7292DB75F919CBB2
                                      Function 10004560 Relevance: 22.8, APIs: 2, Strings: 11, Instructions: 63stringCOMMON
                                      Download Yara Rule
                                      APIs
                                      • _memset.LIBCMT ref: 10004582
                                        • Part of subcall function 10004400: _memset.LIBCMT ref: 1000443A
                                        • Part of subcall function 10004400: _memset.LIBCMT ref: 1000444B
                                        • Part of subcall function 10004400: wsprintfA.USER32 ref: 1000450E
                                      • lstrlen.KERNEL32(T2410122238-0F8BFBFF000806F8), ref: 100045E7
                                        • Part of subcall function 100011D0: _memset.LIBCMT ref: 100011F3
                                        • Part of subcall function 100011D0: __time64.LIBCMT ref: 100011FD
                                        • Part of subcall function 100011D0: __localtime64.LIBCMT ref: 10001214
                                        • Part of subcall function 100011D0: _memset.LIBCMT ref: 10001227
                                        • Part of subcall function 100011D0: _sprintf.LIBCMT ref: 1000125B
                                        • Part of subcall function 100011D0: _memset.LIBCMT ref: 10001269
                                        • Part of subcall function 100011D0: wsprintfA.USER32 ref: 10001296
                                        • Part of subcall function 100042B0: _memset.LIBCMT ref: 100042EB
                                        • Part of subcall function 100042B0: wsprintfA.USER32 ref: 100043AE
                                        • Part of subcall function 100042B0: lstrlen.KERNEL32(?,?,00000000,00000400,?,00000000,75B0A250,00000000), ref: 100043C0
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: _memset$wsprintf$lstrlen$__localtime64__time64_sprintf
                                      • String ID: G$K$T2410122238-0F8BFBFF000806F8$c$n$o$p$r$t$u$y
                                      • API String ID: 3550073382-364563091
                                      • Opcode ID: 74c00d020acbef3582af209f9f2aa1f1ca7564db1ece04251ae4a75fbdc6b44e
                                      • Instruction ID: bb9a5fe94ae0ae072ababa0a8f05b0bda7bf95df23aab9b9d522deb1e55f3948
                                      • Opcode Fuzzy Hash: 74c00d020acbef3582af209f9f2aa1f1ca7564db1ece04251ae4a75fbdc6b44e
                                      • Instruction Fuzzy Hash: 7C21D16160C3C09AF305CB689C05B5FBBE59FE6644F04085DF1895A282C7BAE74883AB
                                      Function 100018B0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 87sleepfilestringCOMMON
                                      Download Yara Rule
                                      APIs
                                      • _memset.LIBCMT ref: 100018DC
                                        • Part of subcall function 10004400: _memset.LIBCMT ref: 1000443A
                                        • Part of subcall function 10004400: _memset.LIBCMT ref: 1000444B
                                        • Part of subcall function 10004400: wsprintfA.USER32 ref: 1000450E
                                      • lstrlen.KERNEL32(?), ref: 10001943
                                      • PathFileExistsA.SHLWAPI(00000044), ref: 10001959
                                      • Sleep.KERNEL32(000001F4), ref: 1000197A
                                      • DeleteFileA.KERNEL32(00000044), ref: 10001981
                                      • PathFileExistsA.SHLWAPI(00000044), ref: 10001989
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: File_memset$ExistsPath$DeleteSleeplstrlenwsprintf
                                      • String ID: D$F$i$s$t
                                      • API String ID: 3780081668-3907551925
                                      • Opcode ID: 3559ba0a86e11da85a83663f44138544efc67dcb359365154b660fe8d36b5c35
                                      • Instruction ID: a1631cf77f03373826da4636f993314f369d54a2a96ff2d850bd0d48caae8aa3
                                      • Opcode Fuzzy Hash: 3559ba0a86e11da85a83663f44138544efc67dcb359365154b660fe8d36b5c35
                                      • Instruction Fuzzy Hash: AD31A77210C3819FE311DB648880AAFBBE9AFD9688F444A1DF2C557242D674E708C76B
                                      Function 100011D0 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 131COMMON
                                      Download Yara Rule
                                      APIs
                                      • _memset.LIBCMT ref: 100011F3
                                      • __time64.LIBCMT ref: 100011FD
                                        • Part of subcall function 1000516E: GetSystemTimeAsFileTime.KERNEL32(?), ref: 10005179
                                        • Part of subcall function 1000516E: __aulldiv.LIBCMT ref: 10005199
                                      • __localtime64.LIBCMT ref: 10001214
                                        • Part of subcall function 10005147: __gmtime64_s.LIBCMT ref: 1000515C
                                      • _memset.LIBCMT ref: 10001227
                                      • _sprintf.LIBCMT ref: 1000125B
                                      • _memset.LIBCMT ref: 10001269
                                      • wsprintfA.USER32 ref: 10001296
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: _memset$Time$FileSystem__aulldiv__gmtime64_s__localtime64__time64_sprintfwsprintf
                                      • String ID: %08X%08X$%d%02d%02d%02d%02d$T2410122238-0F8BFBFF000806F8
                                      • API String ID: 2159953709-4070902383
                                      • Opcode ID: b4955a9ce85e649393f663804a74e4a75c6b77984e787d9fb8229fb0411b1f69
                                      • Instruction ID: 2dcffaa277a8476455f2ef3be5a96e5623be1a3afd47c62e9a855ef38a6a4532
                                      • Opcode Fuzzy Hash: b4955a9ce85e649393f663804a74e4a75c6b77984e787d9fb8229fb0411b1f69
                                      • Instruction Fuzzy Hash: F84127751047425BE319CF64CC55BEBB3E6EFC4780F40461DF58A8B240E6B2E949C761
                                      Function 00881A78 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 60libraryloaderCOMMON
                                      Download Yara Rule
                                      APIs
                                      • GetModuleHandleA.KERNEL32(KERNEL32), ref: 00881AA1
                                      • GetProcAddress.KERNEL32(00000000,CreateActCtxA), ref: 00881ABE
                                      • GetProcAddress.KERNEL32(00000000,ReleaseActCtx), ref: 00881ACB
                                      • GetProcAddress.KERNEL32(00000000,ActivateActCtx), ref: 00881AD8
                                      • GetProcAddress.KERNEL32(00000000,DeactivateActCtx), ref: 00881AE5
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: AddressProc$HandleModule
                                      • String ID: ActivateActCtx$CreateActCtxA$DeactivateActCtx$KERNEL32$ReleaseActCtx
                                      • API String ID: 667068680-3617302793
                                      • Opcode ID: baae7b531ec85e15763c3de775ef89f0a651bbc7f3b2a4b686363abdf15e5359
                                      • Instruction ID: 5e7f928d3c10cf19bb24dcca68a53d1aded7c413b3f186a3167957de784a33c4
                                      • Opcode Fuzzy Hash: baae7b531ec85e15763c3de775ef89f0a651bbc7f3b2a4b686363abdf15e5359
                                      • Instruction Fuzzy Hash: 67118F71D89314ABCF24BF65ECC881A7FA8FA96750311813FE104D3690EE744842CF55
                                      Function 00884B33 Relevance: 17.5, APIs: 5, Strings: 5, Instructions: 28libraryloaderCOMMON
                                      Download Yara Rule
                                      APIs
                                      • GetModuleHandleA.KERNEL32(KERNEL32,00884C4D), ref: 00884B41
                                      • GetProcAddress.KERNEL32(00000000,CreateActCtxW), ref: 00884B62
                                      • GetProcAddress.KERNEL32(ReleaseActCtx), ref: 00884B74
                                      • GetProcAddress.KERNEL32(ActivateActCtx), ref: 00884B86
                                      • GetProcAddress.KERNEL32(DeactivateActCtx), ref: 00884B98
                                        • Part of subcall function 008847FB: __CxxThrowException@8.LIBCMT ref: 00884811
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: AddressProc$Exception@8HandleModuleThrow
                                      • String ID: ActivateActCtx$CreateActCtxW$DeactivateActCtx$KERNEL32$ReleaseActCtx
                                      • API String ID: 2144170044-2424895508
                                      • Opcode ID: f05436b2af25eadf966224b2258c2121977ab1db12e09c46b1f9fcdc7a9e3fe0
                                      • Instruction ID: aeadd84c0dec351a8b82f9766a8f360deff2d61b8e4f20f660ded7876eb52880
                                      • Opcode Fuzzy Hash: f05436b2af25eadf966224b2258c2121977ab1db12e09c46b1f9fcdc7a9e3fe0
                                      • Instruction Fuzzy Hash: B8F01271D4839A9FDB107FB0BC099053FA4F746721B002556A410F2760DFB89040DF58
                                      Function 10004CC0 Relevance: 16.6, APIs: 11, Instructions: 98networksleepstringCOMMON
                                      Download Yara Rule
                                      APIs
                                      • WSAStartup.WS2_32(00000202,?), ref: 10004CEA
                                      • socket.WS2_32(00000002,00000001,00000000), ref: 10004CF5
                                      • gethostbyname.WS2_32(?), ref: 10004D4B
                                      • inet_ntoa.WS2_32(?), ref: 10004D72
                                      • lstrcpy.KERNEL32(?,00000000), ref: 10004D81
                                      • inet_addr.WS2_32(?), ref: 10004D99
                                      • htons.WS2_32(?), ref: 10004DA8
                                      • connect.WS2_32(00000000,?,00000010), ref: 10004DBB
                                      • Sleep.KERNEL32(0000000A), ref: 10004DDC
                                      • closesocket.WS2_32(00000000), ref: 10004DF1
                                      • WSACleanup.WS2_32 ref: 10004DF7
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: CleanupSleepStartupclosesocketconnectgethostbynamehtonsinet_addrinet_ntoalstrcpysocket
                                      • String ID:
                                      • API String ID: 1497285988-0
                                      • Opcode ID: 6d092484236cac678b156c704b7443424f51758ab1aca10ca42d8706b32be310
                                      • Instruction ID: 382a9743452a4c04bc4d813f8a42904d5fa19f675ade579c32352dcd571608c9
                                      • Opcode Fuzzy Hash: 6d092484236cac678b156c704b7443424f51758ab1aca10ca42d8706b32be310
                                      • Instruction Fuzzy Hash: C1313EB1508350AFE324DF64D884EABB7E9EF88740F00891EF559C3251D770D918CB66
                                      Function 100039D0 Relevance: 16.6, APIs: 2, Strings: 9, Instructions: 79sleepstringCOMMON
                                      Download Yara Rule
                                      APIs
                                      • lstrlen.KERNEL32(?,?,?,74DF0440,74DF0F00,?,?,?,?,?,10003F45,?,?,00000040), ref: 10003A82
                                      • Sleep.KERNEL32(000007D0,74DF0440,74DF0F00,?,?,?,?,?,10003F45,?,?,00000040), ref: 10003A9D
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Sleeplstrlen
                                      • String ID: 3$D$T2410122238-0F8BFBFF000806F8$W$_$a$c$m$o
                                      • API String ID: 404571708-296707681
                                      • Opcode ID: cf60eaa935ea09993eb39032457f5dc8f9d1f92bbccc55d8e19afddbc1d30710
                                      • Instruction ID: c819195460774051f07f7f022d288dde7b32127f139733f69c84a74f793f67aa
                                      • Opcode Fuzzy Hash: cf60eaa935ea09993eb39032457f5dc8f9d1f92bbccc55d8e19afddbc1d30710
                                      • Instruction Fuzzy Hash: 0F21E3752083819FE311DB28C845B1BBBE99F95348F08890DF4D947282D779E64CCBA3
                                      Function 10001D70 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 164sleepstringCOMMON
                                      Download Yara Rule
                                      APIs
                                        • Part of subcall function 10001CA0: _memset.LIBCMT ref: 10001CB4
                                        • Part of subcall function 10001CA0: GetVersionExA.KERNEL32(?), ref: 10001CC3
                                        • Part of subcall function 100017C0: LoadLibraryA.KERNEL32 ref: 1000186B
                                        • Part of subcall function 100017C0: GetProcAddress.KERNEL32(00000000), ref: 10001872
                                        • Part of subcall function 100017C0: GetCurrentProcess.KERNEL32 ref: 10001885
                                        • Part of subcall function 100017C0: IsWow64Process.KERNEL32(00000000), ref: 1000188C
                                      • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 10001DC2
                                      • lstrlen.KERNEL32(?), ref: 10001DCF
                                      • Sleep.KERNEL32(00000001,?), ref: 10001E37
                                      • Sleep.KERNEL32(000003E8,?,?,00000000), ref: 10001EC5
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: ProcessSleep$AddressCurrentFileLibraryLoadModuleNameProcVersionWow64_memsetlstrlen
                                      • String ID: D$F$i$s$t
                                      • API String ID: 1740255010-3907551925
                                      • Opcode ID: 1d0f5541d43d07943ac158e7c804ada25d0fe5b8d43bab013b6e5e15ff2c05dc
                                      • Instruction ID: 163e67f595c3a466306f0538099d8f6b6a82b4d5620d8888f04192d8a2c66a9d
                                      • Opcode Fuzzy Hash: 1d0f5541d43d07943ac158e7c804ada25d0fe5b8d43bab013b6e5e15ff2c05dc
                                      • Instruction Fuzzy Hash: 10512D752083C09BF305DB648841BAFB7D9DFC96C4F44490DF99687286DB61EB4883A3
                                      Function 0088A4F2 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91COMMON
                                      Download Yara Rule
                                      APIs
                                      • __EH_prolog3_catch.LIBCMT ref: 0088A4F9
                                      • GetPropA.USER32(?,AfxOldWndProc423), ref: 0088A508
                                      • CallWindowProcA.USER32(?,?,00000110,?,00000000), ref: 0088A562
                                        • Part of subcall function 008893B5: GetWindowRect.USER32(?,10000000), ref: 008893DF
                                      • SetWindowLongA.USER32(?,000000FC,?), ref: 0088A589
                                      • RemovePropA.USER32(?,AfxOldWndProc423), ref: 0088A591
                                      • GlobalFindAtomA.KERNEL32(AfxOldWndProc423), ref: 0088A598
                                      • GlobalDeleteAtom.KERNEL32(?), ref: 0088A5A2
                                      • CallWindowProcA.USER32(?,?,?,?,00000000), ref: 0088A5F6
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Window$AtomCallGlobalProcProp$DeleteFindH_prolog3_catchLongRectRemove
                                      • String ID: AfxOldWndProc423
                                      • API String ID: 2109165785-1060338832
                                      • Opcode ID: 852d69a52e3690e01c8b59bc91fc41e2701470a1381d480d8b13b222eca84942
                                      • Instruction ID: 31dac7105ac72f52b56aa61dab55d0fc47ff9fc137f740af6ed855332fccb861
                                      • Opcode Fuzzy Hash: 852d69a52e3690e01c8b59bc91fc41e2701470a1381d480d8b13b222eca84942
                                      • Instruction Fuzzy Hash: 10312F3180021AABEF06BFE4DD49EBF7A79FF46311F040115F601E21A1CB358A61DB62
                                      Function 100013F0 Relevance: 15.1, APIs: 1, Strings: 9, Instructions: 59stringCOMMON
                                      Download Yara Rule
                                      APIs
                                        • Part of subcall function 10001050: lstrlen.KERNEL32 ref: 10001066
                                        • Part of subcall function 10001050: _malloc.LIBCMT ref: 1000106E
                                      • lstrlen.KERNEL32 ref: 10001478
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: lstrlen$_malloc
                                      • String ID: 0$3$9$g$n$p$r$s$w
                                      • API String ID: 3018943236-3258421149
                                      • Opcode ID: 3b9d0c397773fd814065267c12b07003d5c18e608b407e658bda0ad37ab2cb1e
                                      • Instruction ID: 497b3459cfcc943a2ee35567d20adbc1497d56e79807d73c826ecf901fc48c5f
                                      • Opcode Fuzzy Hash: 3b9d0c397773fd814065267c12b07003d5c18e608b407e658bda0ad37ab2cb1e
                                      • Instruction Fuzzy Hash: D621687110C3C19BE315CB68C815B9BBBE5ABDA784F04494CB1D887252DAB9E64887A3
                                      Function 100048C0 Relevance: 15.0, APIs: 1, Strings: 9, Instructions: 42stringCOMMON
                                      Download Yara Rule
                                      APIs
                                      • lstrlen.KERNEL32 ref: 10004916
                                        • Part of subcall function 100047A0: _memset.LIBCMT ref: 100047BB
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: _memsetlstrlen
                                      • String ID: 5$8$9$K$e$h$o$r$t
                                      • API String ID: 508792750-2989816885
                                      • Opcode ID: 4855a1a81f284582a7bf6d6c1ae58d7e1eedd7be010077afe38748f007c72a88
                                      • Instruction ID: a3642d6cc6c2f9c341d6c0445be83fc3c050222f7d26a568a19089825b521d5c
                                      • Opcode Fuzzy Hash: 4855a1a81f284582a7bf6d6c1ae58d7e1eedd7be010077afe38748f007c72a88
                                      • Instruction Fuzzy Hash: 57113C7110C3819EE316CB18D845BDFBBE99BEA744F44894DB1C987281CBB9960DC7A3
                                      Function 10001350 Relevance: 15.0, APIs: 1, Strings: 9, Instructions: 39stringCOMMON
                                      Download Yara Rule
                                      APIs
                                      • lstrlen.KERNEL32 ref: 100013A3
                                        • Part of subcall function 100047A0: _memset.LIBCMT ref: 100047BB
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: _memsetlstrlen
                                      • String ID: 0$3$5$S$_$e$i$k$t
                                      • API String ID: 508792750-1352559841
                                      • Opcode ID: a9f8519f0f2c2a09a154380c69e4c2ec1469d59b75a014346d83081cdd5c3350
                                      • Instruction ID: 2b2ab4ca0e406aabb42c731482fa99e30ce040560576e9e22d25adad32a7f54e
                                      • Opcode Fuzzy Hash: a9f8519f0f2c2a09a154380c69e4c2ec1469d59b75a014346d83081cdd5c3350
                                      • Instruction Fuzzy Hash: 0801707140C3C0AAE316CB18C8457DFBFD99BA6344F04C80DB1C947192C6B99288C7A3
                                      Function 0089E9BA Relevance: 13.6, APIs: 9, Instructions: 146librarymemoryloaderCOMMON
                                      Download Yara Rule
                                      APIs
                                      • LoadLibraryA.KERNEL32(?), ref: 0089E9FF
                                      • GetLastError.KERNEL32 ref: 0089EA0B
                                      • RaiseException.KERNEL32(C06D007E,00000000,00000001,?), ref: 0089EA3E
                                      • InterlockedExchange.KERNEL32(?,00000000), ref: 0089EA50
                                      • LocalAlloc.KERNEL32(00000040,00000008), ref: 0089EA64
                                      • FreeLibrary.KERNEL32(00000000), ref: 0089EA81
                                      • GetProcAddress.KERNEL32(?,?), ref: 0089EAD6
                                      • GetLastError.KERNEL32(?,?), ref: 0089EAE2
                                      • RaiseException.KERNEL32(C06D007F,00000000,00000001,?,?,?), ref: 0089EB14
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: ErrorExceptionLastLibraryRaise$AddressAllocExchangeFreeInterlockedLoadLocalProc
                                      • String ID:
                                      • API String ID: 991255547-0
                                      • Opcode ID: 3a34b6ddb49e94232832d4d8573a7713307c0307e56f53a02a1a948382276ae5
                                      • Instruction ID: 2da613d9aad2e852785c547445ff3b8d3eb291490a95b80b3a9971643838f5c7
                                      • Opcode Fuzzy Hash: 3a34b6ddb49e94232832d4d8573a7713307c0307e56f53a02a1a948382276ae5
                                      • Instruction Fuzzy Hash: 2A51F67160021A9FEF11EF94D984BAD7BF5FB68311F184129E645E76A0EB70AD44CB20
                                      Function 008862DC Relevance: 13.6, APIs: 9, Instructions: 96memoryCOMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      • __EH_prolog3_catch.LIBCMT ref: 008862E3
                                      • EnterCriticalSection.KERNEL32(?,00000010,0088659F,?,00000000,?,00000004,0088549A,008835CF,008854C3,0088339D,00881D65), ref: 008862F4
                                      • TlsGetValue.KERNEL32(?,?,00000000,?,00000004,0088549A,008835CF,008854C3,0088339D,00881D65), ref: 00886312
                                      • LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,0088549A,008835CF,008854C3,0088339D,00881D65), ref: 00886346
                                      • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,0088549A,008835CF,008854C3,0088339D,00881D65), ref: 008863B2
                                      • _memset.LIBCMT ref: 008863D1
                                      • TlsSetValue.KERNEL32(?,00000000), ref: 008863E2
                                      • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,0088549A,008835CF,008854C3,0088339D,00881D65), ref: 00886403
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: CriticalSection$LeaveValue$AllocEnterH_prolog3_catchLocal_memset
                                      • String ID:
                                      • API String ID: 1891723912-0
                                      • Opcode ID: e99bb6fabe0027d971eb5d68cd6deee29a07a930239a89d3a9d3092978710606
                                      • Instruction ID: b0773b343458d3d5d8626c9a91200e1ac3d3941b6df8319b54cfb81a12856cc3
                                      • Opcode Fuzzy Hash: e99bb6fabe0027d971eb5d68cd6deee29a07a930239a89d3a9d3092978710606
                                      • Instruction Fuzzy Hash: D5319E70500606EFDB21BF24DC85DAABBA1FF05310B20C52DE556D7A51EB30AE60DF91
                                      Function 00884431 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 115threadwindowCOMMON
                                      Download Yara Rule
                                      APIs
                                        • Part of subcall function 00884391: GetParent.USER32(?), ref: 008843E5
                                        • Part of subcall function 00884391: GetLastActivePopup.USER32(?), ref: 008843F6
                                        • Part of subcall function 00884391: IsWindowEnabled.USER32(?), ref: 0088440A
                                        • Part of subcall function 00884391: EnableWindow.USER32(?,00000000), ref: 0088441D
                                      • EnableWindow.USER32(?,00000001), ref: 0088447E
                                      • GetWindowThreadProcessId.USER32(?,?), ref: 00884492
                                      • GetCurrentProcessId.KERNEL32 ref: 0088449C
                                      • SendMessageA.USER32(?,00000376,00000000,00000000), ref: 008844B4
                                      • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 0088452E
                                      • EnableWindow.USER32(00000000,00000001), ref: 00884573
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Window$Enable$Process$ActiveCurrentEnabledFileLastMessageModuleNameParentPopupSendThread
                                      • String ID: 0
                                      • API String ID: 1877664794-4108050209
                                      • Opcode ID: c13e787f8b333ef67dc360f7cd480931f5a9009b4babfcafe7987be1d95b19a2
                                      • Instruction ID: 2c50847757dc17c3e908c8b4f51ba28e53df0c248d26828e320ebac0037df66c
                                      • Opcode Fuzzy Hash: c13e787f8b333ef67dc360f7cd480931f5a9009b4babfcafe7987be1d95b19a2
                                      • Instruction Fuzzy Hash: 26417173A0031AABDB25AF24CC45BDEB7B8FF05714F141598F659E6280D7B09E808F91
                                      Function 100049F0 Relevance: 12.2, APIs: 8, Instructions: 159COMMON
                                      Download Yara Rule
                                      APIs
                                      • _memset.LIBCMT ref: 10004A22
                                        • Part of subcall function 10004960: select.WS2_32 ref: 1000499A
                                        • Part of subcall function 10004960: __WSAFDIsSet.WS2_32(?,00000000), ref: 100049AA
                                        • Part of subcall function 10004960: recv.WS2_32(?,?,?,?), ref: 100049CC
                                        • Part of subcall function 100048C0: lstrlen.KERNEL32 ref: 10004916
                                      • _malloc.LIBCMT ref: 10004AAE
                                        • Part of subcall function 1000523F: __FF_MSGBANNER.LIBCMT ref: 10005262
                                        • Part of subcall function 1000523F: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001), ref: 100052B6
                                      • _memset.LIBCMT ref: 10004AB9
                                      • _memset.LIBCMT ref: 10004AE3
                                      • _realloc.LIBCMT ref: 10004B1D
                                        • Part of subcall function 10005940: _malloc.LIBCMT ref: 10005956
                                      • _memset.LIBCMT ref: 10004B4A
                                      • _malloc.LIBCMT ref: 10004B90
                                      • _memset.LIBCMT ref: 10004B9B
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: _memset$_malloc$AllocateHeap_realloclstrlenrecvselect
                                      • String ID:
                                      • API String ID: 1349317492-0
                                      • Opcode ID: 3ee342fb0321024b760cefbc6eb38936767aa0396e85e9cf867c2d27ab93653a
                                      • Instruction ID: 56148a727e19b04945c7e4c4e53b130ac6079e60b658ffb6dbe039032bbc2272
                                      • Opcode Fuzzy Hash: 3ee342fb0321024b760cefbc6eb38936767aa0396e85e9cf867c2d27ab93653a
                                      • Instruction Fuzzy Hash: 235194756043006BE214DB149C81FAFB3E9EFC8684F41495CF58997146EF71FA098BE6
                                      Function 00881E66 Relevance: 12.1, APIs: 8, Instructions: 66memorystringCOMMON
                                      Download Yara Rule
                                      APIs
                                      • GlobalLock.KERNEL32(?), ref: 00881E85
                                      • lstrcmpA.KERNEL32(?,?), ref: 00881E91
                                      • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 00881EA3
                                      • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 00881EC3
                                      • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 00881ECB
                                      • GlobalLock.KERNEL32(00000000), ref: 00881ED5
                                      • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 00881EE2
                                      • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 00881EFA
                                        • Part of subcall function 00885E10: GlobalFlags.KERNEL32(?), ref: 00885E1F
                                        • Part of subcall function 00885E10: GlobalUnlock.KERNEL32(?), ref: 00885E31
                                        • Part of subcall function 00885E10: GlobalFree.KERNEL32(?), ref: 00885E3C
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                      • String ID:
                                      • API String ID: 168474834-0
                                      • Opcode ID: e172d95ef8d810d67320219df48131e44576e4116719cdf85a862176e8e1b46c
                                      • Instruction ID: 4bd329d2d535da6da496c724658955d47011f31f5a9d0641e5b4f4b5a6abba1b
                                      • Opcode Fuzzy Hash: e172d95ef8d810d67320219df48131e44576e4116719cdf85a862176e8e1b46c
                                      • Instruction Fuzzy Hash: 0E118CB2500600BBEF22BBA9CC49D6F7AADFF85700B040419BA01D2821DA31D9529B21
                                      Function 00888F0F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 104windowCOMMON
                                      Download Yara Rule
                                      APIs
                                      • _memset.LIBCMT ref: 00888F9E
                                      • SendMessageA.USER32(00000000,00000405,00000000,?), ref: 00888FC7
                                      • GetWindowLongA.USER32(?,000000FC), ref: 00888FD9
                                      • GetWindowLongA.USER32(?,000000FC), ref: 00888FEA
                                      • SetWindowLongA.USER32(?,000000FC,?), ref: 00889006
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: LongWindow$MessageSend_memset
                                      • String ID: ,
                                      • API String ID: 2997958587-3772416878
                                      • Opcode ID: 4396b74659ecb34617b76f577fab8e9255762c93b7644db6f45d80db956f4256
                                      • Instruction ID: d725fb6ef7fb77b1e1198fe51ba5597a1495cb183e02c4a8bbbc0f62f9462ce6
                                      • Opcode Fuzzy Hash: 4396b74659ecb34617b76f577fab8e9255762c93b7644db6f45d80db956f4256
                                      • Instruction Fuzzy Hash: 7C316D71600B14DFDB20BFA8D888A6EBBA5FF48310F550529E646D7692DF31E804CB95
                                      Function 00883F91 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 101registryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00883F9B
                                      • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 00884081
                                      • RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 0088409E
                                      • RegCloseKey.ADVAPI32(?), ref: 008840BE
                                      • RegQueryValueA.ADVAPI32(80000001,?,?,?), ref: 008840D9
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: CloseEnumH_prolog3_OpenQueryValue
                                      • String ID: Software\
                                      • API String ID: 1666054129-964853688
                                      • Opcode ID: 4f386227d7e524b6c5a60490b7bed06179ee9c7082366760c47177e456da1657
                                      • Instruction ID: 95d4b277ec70c2d720a0760f142e0618aee17731e1cd5360011cad9b098bd474
                                      • Opcode Fuzzy Hash: 4f386227d7e524b6c5a60490b7bed06179ee9c7082366760c47177e456da1657
                                      • Instruction Fuzzy Hash: 8A41A071900618ABCB22FB68CC41ADEB7B8FF49710F1406D5F245E2192DB349B91CF51
                                      Function 00883E13 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 86registryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • __EH_prolog3_catch_GS.LIBCMT ref: 00883E1D
                                      • RegOpenKeyA.ADVAPI32(?,?,?), ref: 00883EAB
                                      • RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 00883ECE
                                        • Part of subcall function 00883D6F: __EH_prolog3.LIBCMT ref: 00883D76
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: EnumH_prolog3H_prolog3_catch_Open
                                      • String ID: Software\Classes\
                                      • API String ID: 3518408925-1121929649
                                      • Opcode ID: e3bf95a33c13648b876ccc60a8ba0c3f289e7d1e35547b25c3f839eecb81b9c4
                                      • Instruction ID: 75e2452b10f794097edd0fcd8801d5f98cce7a7da4455966646a3886b82adc83
                                      • Opcode Fuzzy Hash: e3bf95a33c13648b876ccc60a8ba0c3f289e7d1e35547b25c3f839eecb81b9c4
                                      • Instruction Fuzzy Hash: 9B313E72C00168ABDB22FB68CC45BDDB7B4FF09710F1441D5E999A3252DA305F949F91
                                      Function 008848C9 Relevance: 10.6, APIs: 7, Instructions: 70windowCOMMON
                                      Download Yara Rule
                                      APIs
                                      • GetCapture.USER32 ref: 008848D6
                                      • SendMessageA.USER32(?,00000365,00000000,00000000), ref: 008848F1
                                      • GetFocus.USER32 ref: 00884906
                                      • SendMessageA.USER32(?,00000365,00000000,00000000), ref: 00884914
                                      • GetLastActivePopup.USER32(?), ref: 0088493D
                                      • SendMessageA.USER32(?,00000365,00000000,00000000), ref: 0088494A
                                        • Part of subcall function 0088A071: GetWindowLongA.USER32(?,000000F0), ref: 0088A097
                                        • Part of subcall function 0088A071: GetParent.USER32(?), ref: 0088A0A5
                                      • SendMessageA.USER32(?,00000111,0000E147,00000000), ref: 00884970
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: MessageSend$ActiveCaptureFocusLastLongParentPopupWindow
                                      • String ID:
                                      • API String ID: 3338174999-0
                                      • Opcode ID: fbb4bc274bfd41a9d8f503f84267bda520ec42a167bdb4548d2a8824fcc0db5d
                                      • Instruction ID: d41117805420c5c9670c5fdfcd41c289e4aff30253ee04949d01c36a89511e95
                                      • Opcode Fuzzy Hash: fbb4bc274bfd41a9d8f503f84267bda520ec42a167bdb4548d2a8824fcc0db5d
                                      • Instruction Fuzzy Hash: 0811F97290111AFBEF247BA5CD85C6FBE78FB51789B201075E601E6171D7318E00AB21
                                      Function 008849A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 66registryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 008849D9
                                      • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 008849FC
                                      • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 00884A18
                                      • RegCloseKey.ADVAPI32(?), ref: 00884A28
                                      • RegCloseKey.ADVAPI32(?), ref: 00884A32
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: CloseCreate$Open
                                      • String ID: software
                                      • API String ID: 1740278721-2010147023
                                      • Opcode ID: b03a02807abc8e1f441524ae03d88fe2de16d6eb92a5124eccdf43136aaa1515
                                      • Instruction ID: 6e5e6761a3c818917faff661fa9afe24896eabfc7819f7bf3ae3a01700957660
                                      • Opcode Fuzzy Hash: b03a02807abc8e1f441524ae03d88fe2de16d6eb92a5124eccdf43136aaa1515
                                      • Instruction Fuzzy Hash: CA11B672900259BB9B21DF9ACD88DDFBFBDFB89710B1000AAA505E2121D7719A44DB60
                                      Function 0088637D Relevance: 10.6, APIs: 7, Instructions: 51memoryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • LeaveCriticalSection.KERNEL32(?), ref: 00886384
                                      • __CxxThrowException@8.LIBCMT ref: 0088638E
                                        • Part of subcall function 008914AC: RaiseException.KERNEL32(?,?,?,?), ref: 008914EE
                                      • LocalReAlloc.KERNEL32(?,00000000,00000002,00000000,00000010,?,?,00000000,?,00000004,0088549A,008835CF,008854C3,0088339D,00881D65), ref: 008863A5
                                      • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,0088549A,008835CF,008854C3,0088339D,00881D65), ref: 008863B2
                                        • Part of subcall function 008847C3: __CxxThrowException@8.LIBCMT ref: 008847D9
                                      • _memset.LIBCMT ref: 008863D1
                                      • TlsSetValue.KERNEL32(?,00000000), ref: 008863E2
                                      • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,0088549A,008835CF,008854C3,0088339D,00881D65), ref: 00886403
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: CriticalLeaveSection$Exception@8Throw$AllocExceptionLocalRaiseValue_memset
                                      • String ID:
                                      • API String ID: 356813703-0
                                      • Opcode ID: 7ae27919f72121d8f20634747412c18ffa7e5e601e9156022115d04c19fec034
                                      • Instruction ID: 5b1253063a3e423f7057aa19abcd05d3419ecc47f5f77863f49d9a79274c5bcb
                                      • Opcode Fuzzy Hash: 7ae27919f72121d8f20634747412c18ffa7e5e601e9156022115d04c19fec034
                                      • Instruction Fuzzy Hash: 0B116D74500605AFEB11BF68DC89D6BBBB9FF05314B20C529F566D6A22DB31AC20CF51
                                      Function 0088BBAC Relevance: 10.5, APIs: 7, Instructions: 30COMMON
                                      Download Yara Rule
                                      APIs
                                      • GetSysColor.USER32(0000000F), ref: 0088BBBA
                                      • GetSysColor.USER32(00000010), ref: 0088BBC1
                                      • GetSysColor.USER32(00000014), ref: 0088BBC8
                                      • GetSysColor.USER32(00000012), ref: 0088BBCF
                                      • GetSysColor.USER32(00000006), ref: 0088BBD6
                                      • GetSysColorBrush.USER32(0000000F), ref: 0088BBE3
                                      • GetSysColorBrush.USER32(00000006), ref: 0088BBEA
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Color$Brush
                                      • String ID:
                                      • API String ID: 2798902688-0
                                      • Opcode ID: 8734606c80908c0f12cb7c738533bcb02301b0267db61e3eaa9784d2e1144a78
                                      • Instruction ID: b625b6b869bc24a8ca5802f74106890c025a4d9e2e489cdf60eea1d1af502713
                                      • Opcode Fuzzy Hash: 8734606c80908c0f12cb7c738533bcb02301b0267db61e3eaa9784d2e1144a78
                                      • Instruction Fuzzy Hash: 0EF01C719417489BE730BF769D09B47BAE1FFC4B10F12092EE2858BA90E6B6E441DF40
                                      Function 100028D0 Relevance: 9.1, APIs: 6, Instructions: 122COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2a5540e0b6376b6317fd0047b61af9ff2008d22b21ad47509129865822010e15
                                      • Instruction ID: 7dd8f6d779e09c532bddc243db992255002c678a3af0241584c6fac205a1a6c4
                                      • Opcode Fuzzy Hash: 2a5540e0b6376b6317fd0047b61af9ff2008d22b21ad47509129865822010e15
                                      • Instruction Fuzzy Hash: 073192B5600304ABF751CF68DC81B6B77E9EF88794F054129FA48D7286E770E850C7A1
                                      Function 00884391 Relevance: 9.1, APIs: 6, Instructions: 69COMMON
                                      Download Yara Rule
                                      APIs
                                      • GetWindowLongA.USER32(?,000000F0), ref: 008843C4
                                      • GetParent.USER32(?), ref: 008843D2
                                      • GetParent.USER32(?), ref: 008843E5
                                      • GetLastActivePopup.USER32(?), ref: 008843F6
                                      • IsWindowEnabled.USER32(?), ref: 0088440A
                                      • EnableWindow.USER32(?,00000000), ref: 0088441D
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                      • String ID:
                                      • API String ID: 670545878-0
                                      • Opcode ID: 1ed0e1d570c3f822a0cd42931797ca33fba4e0d1be32fb326f52e9ed7b7ba141
                                      • Instruction ID: bf2cd76c30a6f91c6e6108bae70743274d7cbf776a0f93e13bc064e1e26a274d
                                      • Opcode Fuzzy Hash: 1ed0e1d570c3f822a0cd42931797ca33fba4e0d1be32fb326f52e9ed7b7ba141
                                      • Instruction Fuzzy Hash: 46119133602633ABDB323A599C44F2EB698FF55B61F152215EC04E7300DB71CC0187A5
                                      Function 100034C0 Relevance: 9.1, APIs: 6, Instructions: 61fileCOMMON
                                      Download Yara Rule
                                      APIs
                                        • Part of subcall function 100016E0: GetCurrentProcess.KERNEL32(00000028,04B08C62), ref: 100016F4
                                        • Part of subcall function 100016E0: OpenProcessToken.ADVAPI32(00000000), ref: 100016FB
                                        • Part of subcall function 100016E0: LookupPrivilegeValueA.ADVAPI32 ref: 10001768
                                        • Part of subcall function 100016E0: AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 10001793
                                        • Part of subcall function 100016E0: CloseHandle.KERNELBASE ref: 1000179D
                                      • OpenProcess.KERNEL32(00000040,00000000,00000000,?,100193F8,00000000,100193F8,10003D77,C:\Windows\SystemNvwmiShell\NvwmiShell.exe), ref: 100034DB
                                      • CreateFileA.KERNEL32(100193F8,80000000,00000000,00000000,00000003,00000080,00000000,?,100193F8,00000000,100193F8,10003D77,C:\Windows\SystemNvwmiShell\NvwmiShell.exe), ref: 1000350A
                                      • CloseHandle.KERNEL32(00000000,?,100193F8,00000000,100193F8,10003D77,C:\Windows\SystemNvwmiShell\NvwmiShell.exe), ref: 10003516
                                      • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000003,?,100193F8,00000000,100193F8,10003D77,C:\Windows\SystemNvwmiShell\NvwmiShell.exe), ref: 10003532
                                      • DuplicateHandle.KERNEL32(00000000,?,100193F8,00000000,100193F8,10003D77,C:\Windows\SystemNvwmiShell\NvwmiShell.exe), ref: 10003539
                                      • CloseHandle.KERNEL32(00000000,?,100193F8,00000000,100193F8,10003D77,C:\Windows\SystemNvwmiShell\NvwmiShell.exe), ref: 10003542
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: HandleProcess$Close$CurrentOpenToken$AdjustCreateDuplicateFileLookupPrivilegePrivilegesValue
                                      • String ID:
                                      • API String ID: 1199507832-0
                                      • Opcode ID: 02172e177f3dfb14f2c5a42cbfe5547a8897d3d41bfac8f83edf8f423a97b249
                                      • Instruction ID: ed0a4abee65e0af202ecdafec9b2291535b23e0e4caf41ee78f2b4d193e4b7f4
                                      • Opcode Fuzzy Hash: 02172e177f3dfb14f2c5a42cbfe5547a8897d3d41bfac8f83edf8f423a97b249
                                      • Instruction Fuzzy Hash: C10188B37412106AF22297A5EC8DF8B675CEBD97B1F218226F302DA0D1CA74E814C374
                                      Function 10002200 Relevance: 9.1, APIs: 6, Instructions: 58fileCOMMON
                                      Download Yara Rule
                                      APIs
                                      • CreateFileA.KERNEL32(?,00000003,00000003,00000000,00000003,00000080,00000000,00000000,100023F4,?,?,00000000,?,?,?,?), ref: 10002215
                                      • CreateFileMappingA.KERNEL32(00000000,00000000,00000004,00000000,00000000,00000000), ref: 10002234
                                      • CloseHandle.KERNEL32(00000000), ref: 10002241
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: CreateFile$CloseHandleMapping
                                      • String ID:
                                      • API String ID: 2353530451-0
                                      • Opcode ID: 54925720b7f1eca1df78ee0a410d90665a6d6e7e24323ccb5e54540a355b0d99
                                      • Instruction ID: cc518ea6fdabfc06b55dab28d1b7a09f89e67e13a145a9ed39cc1245d229224b
                                      • Opcode Fuzzy Hash: 54925720b7f1eca1df78ee0a410d90665a6d6e7e24323ccb5e54540a355b0d99
                                      • Instruction Fuzzy Hash: A401F9733853247AF23296B8AC8AF5B1658E788FB4F114722F700FA1C5C6B09841C268
                                      Function 10003560 Relevance: 9.0, APIs: 6, Instructions: 50fileCOMMON
                                      Download Yara Rule
                                      APIs
                                      • CreateFileA.KERNEL32(?,80000000,00000000,00000000,00000003,00000080,00000000), ref: 10003578
                                      • GetFileSize.KERNEL32(?,?,00000000,00000000), ref: 10003599
                                      • _malloc.LIBCMT ref: 100035A5
                                      • _memset.LIBCMT ref: 100035B0
                                      • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 100035C2
                                      • CloseHandle.KERNEL32(00000000), ref: 100035C9
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: File$CloseCreateHandleReadSize_malloc_memset
                                      • String ID:
                                      • API String ID: 3209421157-0
                                      • Opcode ID: 1191510d0358fba0f37515c74336381b7dd8cd7ea2a6c81f29df921cb7486482
                                      • Instruction ID: 31527ba9eb8b3389904ea49f2e61f3caff14032329e749df33655cd59074d2a6
                                      • Opcode Fuzzy Hash: 1191510d0358fba0f37515c74336381b7dd8cd7ea2a6c81f29df921cb7486482
                                      • Instruction Fuzzy Hash: EA01F9763403107BF2209BA19C89F57BBACEB99BA2F108605F601921C2D671B514C770
                                      Function 0089495B Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      • __CreateFrameInfo.LIBCMT ref: 00894983
                                        • Part of subcall function 0088F00A: __getptd.LIBCMT ref: 0088F018
                                        • Part of subcall function 0088F00A: __getptd.LIBCMT ref: 0088F026
                                      • __getptd.LIBCMT ref: 0089498D
                                        • Part of subcall function 0089335C: __getptd_noexit.LIBCMT ref: 0089335F
                                        • Part of subcall function 0089335C: __amsg_exit.LIBCMT ref: 0089336C
                                      • __getptd.LIBCMT ref: 0089499B
                                      • __getptd.LIBCMT ref: 008949A9
                                      • __getptd.LIBCMT ref: 008949B4
                                      • _CallCatchBlock2.LIBCMT ref: 008949DA
                                        • Part of subcall function 0088F0AF: __CallSettingFrame@12.LIBCMT ref: 0088F0FB
                                        • Part of subcall function 00894A81: __getptd.LIBCMT ref: 00894A90
                                        • Part of subcall function 00894A81: __getptd.LIBCMT ref: 00894A9E
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                      • String ID:
                                      • API String ID: 1602911419-0
                                      • Opcode ID: d54ecf7bc8b12c48ae8d4d90364a071ac110c6d95842f502b524802718562e01
                                      • Instruction ID: dc13b079308999f5756a19a7b3b8332ee0ed6ba5fa0f943007db9645fa418810
                                      • Opcode Fuzzy Hash: d54ecf7bc8b12c48ae8d4d90364a071ac110c6d95842f502b524802718562e01
                                      • Instruction Fuzzy Hash: E711C6B5D40209DFDF00EFA8D545AAD7BB0FF04315F188169F828E7352DB389A119B55
                                      Function 00885E9B Relevance: 9.0, APIs: 6, Instructions: 46COMMON
                                      Download Yara Rule
                                      APIs
                                      • ClientToScreen.USER32(?,?), ref: 00885EAC
                                      • GetDlgCtrlID.USER32(00000000), ref: 00885EC0
                                      • GetWindowLongA.USER32(00000000,000000F0), ref: 00885ED0
                                      • GetWindowRect.USER32(00000000,?), ref: 00885EE2
                                      • PtInRect.USER32(?,?,?), ref: 00885EF2
                                      • GetWindow.USER32(?,00000005), ref: 00885EFF
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Window$Rect$ClientCtrlLongScreen
                                      • String ID:
                                      • API String ID: 1315500227-0
                                      • Opcode ID: 271a6f3eba5e1ca209bd753fe95bacc72cf9375d647edd91d4c39bd4e08a809d
                                      • Instruction ID: 7f0d4345f498a4cbf82223bf84084fa15d877d8ab5496458f8f8b6e5c7b29ef9
                                      • Opcode Fuzzy Hash: 271a6f3eba5e1ca209bd753fe95bacc72cf9375d647edd91d4c39bd4e08a809d
                                      • Instruction Fuzzy Hash: 70014F32140A1AABEB126B549C0CFEF3B6CFF42750F144111F919D6560EB70DA159B94
                                      Function 0088B668 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 244COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: _memset
                                      • String ID: @$@$AfxFrameOrView90s$AfxMDIFrame90s
                                      • API String ID: 2102423945-455206835
                                      • Opcode ID: 046e927218373c241d19579de07e93d6191e28eb24303c60a83174a3d24d7407
                                      • Instruction ID: e12af278b75b5c63832f14c75163963666e9f79d646f2a8f8ccbf093f1e804a7
                                      • Opcode Fuzzy Hash: 046e927218373c241d19579de07e93d6191e28eb24303c60a83174a3d24d7407
                                      • Instruction Fuzzy Hash: 5E910071C00209AADB50EFE8C985BEEBFF8FF44384F148565F958E6281E7748A45CB91
                                      Function 0088320E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 94windowCOMMON
                                      Download Yara Rule
                                      APIs
                                      • GetMenuCheckMarkDimensions.USER32 ref: 00883226
                                      • _memset.LIBCMT ref: 0088329E
                                      • CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 00883301
                                      • LoadBitmapA.USER32(00000000,00007FE3), ref: 00883319
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu_memset
                                      • String ID:
                                      • API String ID: 4271682439-3916222277
                                      • Opcode ID: d755a3ac7f696d0c8af53197d6b097daf366936af2eba4de92bb1eb74a3df1cd
                                      • Instruction ID: 79f703951d09fc0fec2b5eabf70f5e1b5ae5a0abb4ad61ccc0e587fb70935267
                                      • Opcode Fuzzy Hash: d755a3ac7f696d0c8af53197d6b097daf366936af2eba4de92bb1eb74a3df1cd
                                      • Instruction Fuzzy Hash: E1313971A002299FEB20DF289C85BAD77B5FF45701F5541AAE648DB281DF358E448F60
                                      Function 00886BC7 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 65COMMON
                                      Download Yara Rule
                                      APIs
                                      • SystemParametersInfoA.USER32(00000030,00000000,00000000,00000000), ref: 00886C07
                                      • GetSystemMetrics.USER32(00000000), ref: 00886C1F
                                      • GetSystemMetrics.USER32(00000001), ref: 00886C26
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: System$Metrics$InfoParameters
                                      • String ID: B$DISPLAY
                                      • API String ID: 3136151823-3316187204
                                      • Opcode ID: 9094a39f6dd7999dffc46270c331bf8fe2841823939ca7aa974b761bc42baf1b
                                      • Instruction ID: f86330ea56350da4295a7149883eb56c6dbd3ef3ca32d7c0dc786609c64df4e5
                                      • Opcode Fuzzy Hash: 9094a39f6dd7999dffc46270c331bf8fe2841823939ca7aa974b761bc42baf1b
                                      • Instruction Fuzzy Hash: 34110A71A00335ABDF11AF558C89A5B7BA9FF15754F004051FD05EF001E2B1D860CBD0
                                      Function 10001C00 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 23COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: ExecuteShell
                                      • String ID: e$n$o$p
                                      • API String ID: 587946157-871044830
                                      • Opcode ID: d8419359cd6921bee7f1bae0301479e1da1c1fcd312d0f6f65d9659bc83fa38b
                                      • Instruction ID: 35e76cf24916bd7ca4872c5a0456c41876b9972921a251454c1739a729c09528
                                      • Opcode Fuzzy Hash: d8419359cd6921bee7f1bae0301479e1da1c1fcd312d0f6f65d9659bc83fa38b
                                      • Instruction Fuzzy Hash: B7F0307120C382AEE301CF28CC46B1BBFD59BA5744F04481DF5844A2D1C6B6E65C87A7
                                      Function 008946AA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22COMMON
                                      Download Yara Rule
                                      APIs
                                      • __getptd.LIBCMT ref: 008946C4
                                        • Part of subcall function 0089335C: __getptd_noexit.LIBCMT ref: 0089335F
                                        • Part of subcall function 0089335C: __amsg_exit.LIBCMT ref: 0089336C
                                      • __getptd.LIBCMT ref: 008946D5
                                      • __getptd.LIBCMT ref: 008946E3
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: __getptd$__amsg_exit__getptd_noexit
                                      • String ID: MOC$csm
                                      • API String ID: 803148776-1389381023
                                      • Opcode ID: 9313b0a63940b20f3723c3dde8c3233a839a13e8f6a295f1473664cf96a1f44a
                                      • Instruction ID: a9c8534636844558e0b6d749421c97edddc9adf58c60080c720f4b6014637e4b
                                      • Opcode Fuzzy Hash: 9313b0a63940b20f3723c3dde8c3233a839a13e8f6a295f1473664cf96a1f44a
                                      • Instruction Fuzzy Hash: BBE04F791101049FDF14BB7CD046B2933E4FB5A318F5D04A1E40CCB322DB34E954AA43
                                      Function 10001F90 Relevance: 7.6, APIs: 5, Instructions: 77timefileCOMMON
                                      Download Yara Rule
                                      APIs
                                      • __time64.LIBCMT ref: 10001F96
                                        • Part of subcall function 1000516E: GetSystemTimeAsFileTime.KERNEL32(?), ref: 10005179
                                        • Part of subcall function 1000516E: __aulldiv.LIBCMT ref: 10005199
                                        • Part of subcall function 10005309: __getptd.LIBCMT ref: 1000530E
                                        • Part of subcall function 100011A0: _rand.LIBCMT ref: 100011B0
                                      • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,100023EC,?,00000000,?,?,?,?,?), ref: 1000204C
                                      • CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000003,00000000,00000000,?,?,?,?,?,?,100023EC,?,00000000), ref: 10002066
                                      • SetFileTime.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,100023EC,?,00000000,?,?,?), ref: 1000207F
                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,100023EC,?,00000000,?,?,?,?,?), ref: 10002086
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Time$File$System$CloseCreateHandle__aulldiv__getptd__time64_rand
                                      • String ID:
                                      • API String ID: 2473678566-0
                                      • Opcode ID: 12dfa8a92c523efd9b2eed40b42960f2af2a7482309777bca0f9bad4f338e62e
                                      • Instruction ID: 3570ec03bd9b24081d753435d9d9933ec8cbddc5c6157c969ca5ba67566165f6
                                      • Opcode Fuzzy Hash: 12dfa8a92c523efd9b2eed40b42960f2af2a7482309777bca0f9bad4f338e62e
                                      • Instruction Fuzzy Hash: 1F217C38A8534076F618EBA0DC12FDF2555DF88B80F800509F7456F2D2DAB4E64483DA
                                      Function 10004E20 Relevance: 7.6, APIs: 5, Instructions: 70synchronizationthreadCOMMON
                                      Download Yara Rule
                                      APIs
                                        • Part of subcall function 100058DB: _malloc.LIBCMT ref: 100058F5
                                      • _malloc.LIBCMT ref: 10004E3A
                                        • Part of subcall function 1000523F: __FF_MSGBANNER.LIBCMT ref: 10005262
                                        • Part of subcall function 1000523F: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001), ref: 100052B6
                                      • _memset.LIBCMT ref: 10004E45
                                        • Part of subcall function 10006377: __atof_l.LIBCMT ref: 10006381
                                      • CreateThread.KERNEL32(00000000,00000000,10004CC0,00000000,00000000,00000000), ref: 10004E9D
                                      • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?,?), ref: 10004EA8
                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,?), ref: 10004EAF
                                        • Part of subcall function 1000544A: __lock.LIBCMT ref: 10005468
                                        • Part of subcall function 1000544A: ___sbh_find_block.LIBCMT ref: 10005473
                                        • Part of subcall function 1000544A: ___sbh_free_block.LIBCMT ref: 10005482
                                        • Part of subcall function 1000544A: HeapFree.KERNEL32(00000000,00000001,10014040,0000000C,10006CF5,00000000,10014130,0000000C,10006D2F,00000001,100080A1,?,1000E911,00000004,10014340,0000000C), ref: 100054B2
                                        • Part of subcall function 1000544A: GetLastError.KERNEL32 ref: 100054C3
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Heap_malloc$AllocateCloseCreateErrorFreeHandleLastObjectSingleThreadWait___sbh_find_block___sbh_free_block__atof_l__lock_memset
                                      • String ID:
                                      • API String ID: 12303079-0
                                      • Opcode ID: 72a8b30b413437493614e1813aed7f996f65fd18697cdf3e184840b191701fdb
                                      • Instruction ID: fcb5794e8b8b9a4163bf16340213ba0dcbf40501c817dc2ef2a183bdc6f2fa1a
                                      • Opcode Fuzzy Hash: 72a8b30b413437493614e1813aed7f996f65fd18697cdf3e184840b191701fdb
                                      • Instruction Fuzzy Hash: 7F216DB5604304AFE360DF25CC81F1BBBF8EF88691F108A2DF54A97255DA71F9408B61
                                      Function 00885D51 Relevance: 7.6, APIs: 5, Instructions: 54stringCOMMON
                                      Download Yara Rule
                                      APIs
                                      • lstrlenA.KERNEL32(?,?,?), ref: 00885D7D
                                      • _memset.LIBCMT ref: 00885D9A
                                      • GetWindowTextA.USER32(00000000,00000000,00000100), ref: 00885DB4
                                      • lstrcmpA.KERNEL32(00000000,?,?,?), ref: 00885DC6
                                      • SetWindowTextA.USER32(00000000,?), ref: 00885DD2
                                        • Part of subcall function 008847FB: __CxxThrowException@8.LIBCMT ref: 00884811
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: TextWindow$Exception@8Throw_memsetlstrcmplstrlen
                                      • String ID:
                                      • API String ID: 289641511-0
                                      • Opcode ID: 1a181134e5d775a01d2af73220a02bbf3a1962f0bd057ab9bd5d2efb5975cb6b
                                      • Instruction ID: f399b43925eeeee5600267708cc7c07489b2ef972c72d96e79e3255ccd18751b
                                      • Opcode Fuzzy Hash: 1a181134e5d775a01d2af73220a02bbf3a1962f0bd057ab9bd5d2efb5975cb6b
                                      • Instruction Fuzzy Hash: F701F5B2600619A7D711BB68DC88FDF776CFF55750F004071FA45D3141EAB09E448BA0
                                      Function 00897E4C Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      • __getptd.LIBCMT ref: 00897E58
                                        • Part of subcall function 0089335C: __getptd_noexit.LIBCMT ref: 0089335F
                                        • Part of subcall function 0089335C: __amsg_exit.LIBCMT ref: 0089336C
                                      • __amsg_exit.LIBCMT ref: 00897E78
                                      • __lock.LIBCMT ref: 00897E88
                                      • InterlockedDecrement.KERNEL32(?), ref: 00897EA5
                                      • InterlockedIncrement.KERNEL32(02AB1660), ref: 00897ED0
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                      • String ID:
                                      • API String ID: 4271482742-0
                                      • Opcode ID: 47e231118061916e3cdd3ae73c208cae60d7566ab70bc3d370aef7abcd98870a
                                      • Instruction ID: 53d78629a72cebadc6550d5258a8cfd092dc805ffdb127184afd0eeb165b6c4d
                                      • Opcode Fuzzy Hash: 47e231118061916e3cdd3ae73c208cae60d7566ab70bc3d370aef7abcd98870a
                                      • Instruction Fuzzy Hash: 2401AD31A19B21EBEF20BBA99805B9D7760FF41F20F180055F818E7A91CB346D41CBD6
                                      Function 10009B83 Relevance: 7.5, APIs: 5, Instructions: 47COMMON
                                      Download Yara Rule
                                      APIs
                                      • __getptd.LIBCMT ref: 10009B8F
                                        • Part of subcall function 100080FE: __getptd_noexit.LIBCMT ref: 10008101
                                        • Part of subcall function 100080FE: __amsg_exit.LIBCMT ref: 1000810E
                                      • __amsg_exit.LIBCMT ref: 10009BAF
                                      • __lock.LIBCMT ref: 10009BBF
                                      • InterlockedDecrement.KERNEL32(?), ref: 10009BDC
                                      • InterlockedIncrement.KERNEL32(02B91658), ref: 10009C07
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                      • String ID:
                                      • API String ID: 4271482742-0
                                      • Opcode ID: 1130e7cb2f8128682975b784ebcc255f6020dd0aeaba8e578da67b8eb712845c
                                      • Instruction ID: b47000df70662b008aae9f95e267f2c68a78c502498fc19181047385635688d2
                                      • Opcode Fuzzy Hash: 1130e7cb2f8128682975b784ebcc255f6020dd0aeaba8e578da67b8eb712845c
                                      • Instruction Fuzzy Hash: 3C01D235D01B26ABF711DB259889B5D73A0FF057E0F058005F8046B698CBB8AA80CBD2
                                      Function 100038D0 Relevance: 7.5, APIs: 5, Instructions: 46stringCOMMON
                                      Download Yara Rule
                                      APIs
                                      • lstrlen.KERNEL32(?), ref: 100038DF
                                      • _malloc.LIBCMT ref: 100038EF
                                        • Part of subcall function 1000523F: __FF_MSGBANNER.LIBCMT ref: 10005262
                                        • Part of subcall function 1000523F: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001), ref: 100052B6
                                      • _memset.LIBCMT ref: 100038FA
                                      • lstrlen.KERNEL32(?), ref: 10003903
                                      • lstrlen.KERNEL32(?), ref: 10003911
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: lstrlen$AllocateHeap_malloc_memset
                                      • String ID:
                                      • API String ID: 439977837-0
                                      • Opcode ID: b7352201762b6831f899ae76f0e8b31efdd25657f965589f54062528081a6ac9
                                      • Instruction ID: e9d2ae249df7939ad88245d259f7616acf15b06efc4cc7cf6fc67b8eea126424
                                      • Opcode Fuzzy Hash: b7352201762b6831f899ae76f0e8b31efdd25657f965589f54062528081a6ac9
                                      • Instruction Fuzzy Hash: CCF0F4761001046BE210DB15ACC1EBBB3EDEFCA68AB404019F80893107EA76FA0587B1
                                      Function 0088E821 Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      • __lock.LIBCMT ref: 0088E83F
                                        • Part of subcall function 00892208: __mtinitlocknum.LIBCMT ref: 0089221E
                                        • Part of subcall function 00892208: __amsg_exit.LIBCMT ref: 0089222A
                                        • Part of subcall function 00892208: EnterCriticalSection.KERNEL32(00897902,00897902,?,00899513,00000004,008A5C80,0000000C,0089368D,?,00897911,00000000,00000000,00000000,?,0089330E,00000001), ref: 00892232
                                      • ___sbh_find_block.LIBCMT ref: 0088E84A
                                      • ___sbh_free_block.LIBCMT ref: 0088E859
                                      • HeapFree.KERNEL32(00000000,?,008A5870,0000000C,008921E9,00000000,008A5958,0000000C,00892223,?,00897902,?,00899513,00000004,008A5C80,0000000C), ref: 0088E889
                                      • GetLastError.KERNEL32(?,00899513,00000004,008A5C80,0000000C,0089368D,?,00897911,00000000,00000000,00000000,?,0089330E,00000001,00000214), ref: 0088E89A
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                      • String ID:
                                      • API String ID: 2714421763-0
                                      • Opcode ID: e184ed3f6c2e8a8cfbdd7ca98f2fef2711fe5a0ca0438a10cdce3d522aafecc2
                                      • Instruction ID: 38ee69fbd0c04c532a0e69aee8b8d249ab82de563a586b8527ef1d512d8fdcda
                                      • Opcode Fuzzy Hash: e184ed3f6c2e8a8cfbdd7ca98f2fef2711fe5a0ca0438a10cdce3d522aafecc2
                                      • Instruction Fuzzy Hash: C801D631905315AAEF347FF49C0AB4E7BA4FF01B61F240539F914E6081CB389840CB56
                                      Function 1000544A Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • __lock.LIBCMT ref: 10005468
                                        • Part of subcall function 10006D14: __mtinitlocknum.LIBCMT ref: 10006D2A
                                        • Part of subcall function 10006D14: __amsg_exit.LIBCMT ref: 10006D36
                                        • Part of subcall function 10006D14: RtlEnterCriticalSection.NTDLL(100080A1), ref: 10006D3E
                                      • ___sbh_find_block.LIBCMT ref: 10005473
                                      • ___sbh_free_block.LIBCMT ref: 10005482
                                      • HeapFree.KERNEL32(00000000,00000001,10014040,0000000C,10006CF5,00000000,10014130,0000000C,10006D2F,00000001,100080A1,?,1000E911,00000004,10014340,0000000C), ref: 100054B2
                                      • GetLastError.KERNEL32 ref: 100054C3
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                      • String ID:
                                      • API String ID: 2714421763-0
                                      • Opcode ID: 1084ba4b8e410f98c145e015953ad37175c30c1906fe849f95615375910dd603
                                      • Instruction ID: a2c558886b17bd814bcb045e69f192f9ba00e1b976aeeff4cde37557392ca0ec
                                      • Opcode Fuzzy Hash: 1084ba4b8e410f98c145e015953ad37175c30c1906fe849f95615375910dd603
                                      • Instruction Fuzzy Hash: A201A279D44616AAFB11DBB08C0AB8E36A5EF043E6F318109F4046A099DF39E9C0CB65
                                      Function 00889ED6 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43libraryloaderCOMMON
                                      Download Yara Rule
                                      APIs
                                        • Part of subcall function 0088B9E8: EnterCriticalSection.KERNEL32(008B9428,?,?,?,?,00885FCB,00000010,00000008,008854B9,0088545C,008835CF,008854C3,0088339D,00881D65), ref: 0088BA22
                                        • Part of subcall function 0088B9E8: InitializeCriticalSection.KERNEL32(?,?,?,?,?,00885FCB,00000010,00000008,008854B9,0088545C,008835CF,008854C3,0088339D,00881D65), ref: 0088BA34
                                        • Part of subcall function 0088B9E8: LeaveCriticalSection.KERNEL32(008B9428,?,?,?,?,00885FCB,00000010,00000008,008854B9,0088545C,008835CF,008854C3,0088339D,00881D65), ref: 0088BA41
                                        • Part of subcall function 0088B9E8: EnterCriticalSection.KERNEL32(?,?,?,?,?,00885FCB,00000010,00000008,008854B9,0088545C,008835CF,008854C3,0088339D,00881D65), ref: 0088BA51
                                        • Part of subcall function 00885FB0: __EH_prolog3_catch.LIBCMT ref: 00885FB7
                                        • Part of subcall function 008847FB: __CxxThrowException@8.LIBCMT ref: 00884811
                                      • GetProcAddress.KERNEL32(00000000,HtmlHelpA), ref: 00889F1F
                                      • FreeLibrary.KERNEL32(?), ref: 00889F2F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: CriticalSection$Enter$AddressException@8FreeH_prolog3_catchInitializeLeaveLibraryProcThrow
                                      • String ID: HtmlHelpA$hhctrl.ocx
                                      • API String ID: 3274081130-63838506
                                      • Opcode ID: 8a2e9a5165b8f018fcccc9a4704da9779ee4847372b22b693c91b1a500bec676
                                      • Instruction ID: 6cad3820b53a2b2c9f0d9b2de6be12eaf396337657d025ecbd854a385355e7e1
                                      • Opcode Fuzzy Hash: 8a2e9a5165b8f018fcccc9a4704da9779ee4847372b22b693c91b1a500bec676
                                      • Instruction Fuzzy Hash: 3101493114470AEBDF223FA4DC0AB6A3B90FF50312F008814F7AAD1A90EF74C8509792
                                      Function 00894D08 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      • ___BuildCatchObject.LIBCMT ref: 00894D1B
                                        • Part of subcall function 00894C76: ___BuildCatchObjectHelper.LIBCMT ref: 00894CAC
                                      • _UnwindNestedFrames.LIBCMT ref: 00894D32
                                      • ___FrameUnwindToState.LIBCMT ref: 00894D40
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
                                      • String ID: csm
                                      • API String ID: 2163707966-1018135373
                                      • Opcode ID: e7499f157c9fe119650e9cb92f3ffd1d5921df29dd050c141793363a17fe9802
                                      • Instruction ID: 41ad1be59f76f26ac7fb071cdf4424a564dfcc6591b8355aa00100765b6312b3
                                      • Opcode Fuzzy Hash: e7499f157c9fe119650e9cb92f3ffd1d5921df29dd050c141793363a17fe9802
                                      • Instruction Fuzzy Hash: B0014675000109BFDF12AF55CC41EEA3F6AFF09354F188014FD1894121D736A9B2EBA2
                                      Function 008993A9 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMON
                                      Download Yara Rule
                                      APIs
                                      • GetModuleHandleA.KERNEL32(KERNEL32,00891D7A), ref: 008993AE
                                      • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 008993BE
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: AddressHandleModuleProc
                                      • String ID: IsProcessorFeaturePresent$KERNEL32
                                      • API String ID: 1646373207-3105848591
                                      • Opcode ID: 4086190681a44e49cdcc8bc0c812a1f5cf3286726f9415bcbfb7d3bdaaac9914
                                      • Instruction ID: 2bb773f5b39cee2cb8f83e5a56c013da2bf4b0fb458c99bdec9ee3b6b4c2b2b3
                                      • Opcode Fuzzy Hash: 4086190681a44e49cdcc8bc0c812a1f5cf3286726f9415bcbfb7d3bdaaac9914
                                      • Instruction Fuzzy Hash: E4F03030A41A0DD2EF102FA9AD0E6AF7A78FB81706F861494E5E1F05D4DF708070D745
                                      Function 1000C1E8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMON
                                      Download Yara Rule
                                      APIs
                                      • GetModuleHandleA.KERNEL32(KERNEL32,100063FA), ref: 1000C1ED
                                      • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 1000C1FD
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: AddressHandleModuleProc
                                      • String ID: IsProcessorFeaturePresent$KERNEL32
                                      • API String ID: 1646373207-3105848591
                                      • Opcode ID: 34baa8cb0b1ee51566053c426f891fd0f003e7d31af870d2d5cbe19dc2883d8d
                                      • Instruction ID: 140c9150048f97d8eaf1189b3b4d5c310c8ba91b4ace1448c6d3f5688a06714d
                                      • Opcode Fuzzy Hash: 34baa8cb0b1ee51566053c426f891fd0f003e7d31af870d2d5cbe19dc2883d8d
                                      • Instruction Fuzzy Hash: 18F03670900A1DD2FF006FA1AD49A9F7B74FF80745F920590D691E0099DF30C0B0D252
                                      Function 0089B330 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0089B364
                                      • __isleadbyte_l.LIBCMT ref: 0089B398
                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,0088F848,?,00000000,00000000,?,?,?,?,0088F848,00000000,?), ref: 0089B3C9
                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,0088F848,00000001,00000000,00000000,?,?,?,?,0088F848,00000000,?), ref: 0089B437
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                      • String ID:
                                      • API String ID: 3058430110-0
                                      • Opcode ID: 743025aba3839e5db43085a35256c059972912a7133bc0b4e114d773f54be5ea
                                      • Instruction ID: 67de4b90c15e8b49ac9e7e8189ce283800ee79162a929ce94e780bd8e11088c7
                                      • Opcode Fuzzy Hash: 743025aba3839e5db43085a35256c059972912a7133bc0b4e114d773f54be5ea
                                      • Instruction Fuzzy Hash: 17319C31A0029AEFDF20EF64E9849AE3BE5FF01311F1D8569E469CB291E371D940EB51
                                      Function 100102CF Relevance: 6.1, APIs: 4, Instructions: 103COMMON
                                      Download Yara Rule
                                      APIs
                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 10010303
                                      • __isleadbyte_l.LIBCMT ref: 10010337
                                      • MultiByteToWideChar.KERNEL32(?,00000009,?,?,?,00000000,?,?,?,00000000,?,?,00000000), ref: 10010368
                                      • MultiByteToWideChar.KERNEL32(?,00000009,?,00000001,?,00000000,?,?,?,00000000,?,?,00000000), ref: 100103D6
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                      • String ID:
                                      • API String ID: 3058430110-0
                                      • Opcode ID: b3c8c1cce440e36bb6f4094dd90a0142058d731ff677dc01e75f298246b24227
                                      • Instruction ID: 4c9da11056820fa63801510a931ad04b3d68b51e4b3ed7c9f6fe4112811a3e35
                                      • Opcode Fuzzy Hash: b3c8c1cce440e36bb6f4094dd90a0142058d731ff677dc01e75f298246b24227
                                      • Instruction Fuzzy Hash: 99317C31B00296EFDB10DF64C884AAE7BF9FF01291B1585A9F4A18F191D7B1DE80DB51
                                      Function 0088BF74 Relevance: 6.1, APIs: 4, Instructions: 89COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: __msize_malloc
                                      • String ID:
                                      • API String ID: 1288803200-0
                                      • Opcode ID: 59aaed18376eaae788c5b0fc2eb12e0751c882587698282d2ccb76955b99f90e
                                      • Instruction ID: f8b679da85f9795da8697b118d7839c9fb409e9ba935ebaec6bc25faf060c0b4
                                      • Opcode Fuzzy Hash: 59aaed18376eaae788c5b0fc2eb12e0751c882587698282d2ccb76955b99f90e
                                      • Instruction Fuzzy Hash: 5521A231100B15DFCB25FF38D885A5AB7A5FF80761B248529E818CA246DF30EC81CB96
                                      Function 008866A4 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 008866AB
                                        • Part of subcall function 008819BA: _malloc.LIBCMT ref: 008819D8
                                      • __CxxThrowException@8.LIBCMT ref: 008866E1
                                      • FormatMessageA.KERNEL32(00001100,00000000,?,00000800,8007000E,00000000,00000000,00000000,?,8007000E,008A50B4,00000004,00881F7F,8007000E), ref: 0088670C
                                        • Part of subcall function 00884817: __cftof.LIBCMT ref: 00884828
                                      • LocalFree.KERNEL32(8007000E,8007000E), ref: 00886735
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Exception@8FormatFreeH_prolog3LocalMessageThrow__cftof_malloc
                                      • String ID:
                                      • API String ID: 1808948168-0
                                      • Opcode ID: 3c6b9a2eae75a94d7a9dadfeecb9d9dc64bbeb33916168159fbd3f1d0fdb5dda
                                      • Instruction ID: 11055172943c02c13cc47618edb35b193788f4e1c7fe10ab6f290e9dae59f9c3
                                      • Opcode Fuzzy Hash: 3c6b9a2eae75a94d7a9dadfeecb9d9dc64bbeb33916168159fbd3f1d0fdb5dda
                                      • Instruction Fuzzy Hash: 8F115E71604249AFDF01FFA8CC859AA3BA9FF08354F258529F629CA291E63189648B51
                                      Function 008827EF Relevance: 6.1, APIs: 4, Instructions: 57threadCOMMON
                                      Download Yara Rule
                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 008827F6
                                        • Part of subcall function 00883743: __EH_prolog3.LIBCMT ref: 0088374A
                                      • __strdup.LIBCMT ref: 00882818
                                      • GetCurrentThread.KERNEL32 ref: 00882845
                                      • GetCurrentThreadId.KERNEL32 ref: 0088284E
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: CurrentH_prolog3Thread$__strdup
                                      • String ID:
                                      • API String ID: 4206445780-0
                                      • Opcode ID: 9c4ff4b2fe9949ced1ecdc4dbccc01d89b2529caba56c9095c1853a5fcaa2cc3
                                      • Instruction ID: a3f2c44f3454dfc4034b8c1cea429ccec1166bb0c7c7af30ce91b2164bf77c06
                                      • Opcode Fuzzy Hash: 9c4ff4b2fe9949ced1ecdc4dbccc01d89b2529caba56c9095c1853a5fcaa2cc3
                                      • Instruction Fuzzy Hash: B6216DB0800B54CFD761AF6AC54564AFAE8FFA4700F10892FE59AC7A22DBB0A545CF45
                                      Function 0088A9CB Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON
                                      Download Yara Rule
                                      APIs
                                      • SendMessageA.USER32(?,0000001F,00000000,00000000), ref: 0088A9F7
                                      • SendMessageA.USER32(?,0000001F,00000000,00000000), ref: 0088AA22
                                      • GetCapture.USER32 ref: 0088AA34
                                      • SendMessageA.USER32(00000000,0000001F,00000000,00000000), ref: 0088AA43
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: MessageSend$Capture
                                      • String ID:
                                      • API String ID: 1665607226-0
                                      • Opcode ID: bb1c7720a7e5647268887a915b793299918e6a623b1745a86b18b43af27c2d57
                                      • Instruction ID: 1d7e035c69178a44934874c1b4040bca75f57811f8026a7bc2fbc5ea79b4c35b
                                      • Opcode Fuzzy Hash: bb1c7720a7e5647268887a915b793299918e6a623b1745a86b18b43af27c2d57
                                      • Instruction Fuzzy Hash: 31010C313502557BEB353B668C8DFAB3E69EBCAB10F150079B645DA1A6DAA18800DA21
                                      Function 00884A84 Relevance: 6.1, APIs: 4, Instructions: 56registryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004), ref: 00884ABF
                                      • RegCloseKey.ADVAPI32(00000000), ref: 00884AC8
                                      • swprintf.LIBCMT ref: 00884AE5
                                      • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 00884AF6
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: ClosePrivateProfileStringValueWriteswprintf
                                      • String ID:
                                      • API String ID: 22681860-0
                                      • Opcode ID: 2d3d87822133d824940c578c313a00bbe94926f920feb3b6374d54ab742c067d
                                      • Instruction ID: 437d03e95d16abdc7ba74fa3603082117c78ebe9cfbe8deec6e6a674f0a34358
                                      • Opcode Fuzzy Hash: 2d3d87822133d824940c578c313a00bbe94926f920feb3b6374d54ab742c067d
                                      • Instruction Fuzzy Hash: B201C07254021ABBDB10EF688C45FBF77ACFF49718F140419FA01E7181DAB4E9058BA5
                                      Function 00889716 Relevance: 6.0, APIs: 4, Instructions: 50COMMON
                                      Download Yara Rule
                                      APIs
                                      • GetTopWindow.USER32(?), ref: 00889726
                                      • GetTopWindow.USER32(00000000), ref: 00889765
                                      • GetWindow.USER32(00000000,00000002), ref: 00889783
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Window
                                      • String ID:
                                      • API String ID: 2353593579-0
                                      • Opcode ID: 4700d4af2de8da9a956c8a514002e7c5eeba21714d36894077e9336b3cae96ad
                                      • Instruction ID: e08594c8ca6256d2e0653fd5770d231a856cf7c924e5412ab67ce96de6737152
                                      • Opcode Fuzzy Hash: 4700d4af2de8da9a956c8a514002e7c5eeba21714d36894077e9336b3cae96ad
                                      • Instruction Fuzzy Hash: 8C01E932010619BBCF237F959C49EEE3B26FF89360F094014FA55A5061C736C962EBA5
                                      Function 008890D2 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                      Download Yara Rule
                                      APIs
                                      • GetDlgItem.USER32(?,?), ref: 008890DF
                                      • GetTopWindow.USER32(00000000), ref: 008890F2
                                        • Part of subcall function 008890D2: GetWindow.USER32(00000000,00000002), ref: 00889139
                                      • GetTopWindow.USER32(?), ref: 00889122
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: Window$Item
                                      • String ID:
                                      • API String ID: 369458955-0
                                      • Opcode ID: 208cde1261e89ef96c52b1a408f8e17693ef1a4bd1c4886e7664aa8ad2d87cf6
                                      • Instruction ID: 3a3dec14b0c72d27f9b853d7c5014033d3bb5ef0eaf30bf841c5690ccb02a622
                                      • Opcode Fuzzy Hash: 208cde1261e89ef96c52b1a408f8e17693ef1a4bd1c4886e7664aa8ad2d87cf6
                                      • Instruction Fuzzy Hash: 37018F3A04561BF79F233B658C0DEBE3A2AFF593A1F084120FD58D1111EB39C9119B91
                                      Function 00899295 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                      • String ID:
                                      • API String ID: 3016257755-0
                                      • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                      • Instruction ID: 88bd5f56dbc00cff0bd6ff8cb461ce9ca562248f7f50f9ac13b4b83085231e67
                                      • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                      • Instruction Fuzzy Hash: C4117B7204014EBBCF126FC8DC45CEE3F22FB19354B188519FAA898131D636C9B1AB82
                                      Function 1000C0B3 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                      • String ID:
                                      • API String ID: 3016257755-0
                                      • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                      • Instruction ID: 602a6bddc6d59fb7428decce1e43c4d8a631ffc6a3b3bc1e6cdc595f5705a157
                                      • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                      • Instruction Fuzzy Hash: 7A113D3640028EBBDF229F84CC02CEE3F62FB19294B558415FE1959135C636D9B2AB81
                                      Function 10003CB0 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 40sleepCOMMON
                                      Download Yara Rule
                                      APIs
                                        • Part of subcall function 10003560: CreateFileA.KERNEL32(?,80000000,00000000,00000000,00000003,00000080,00000000), ref: 10003578
                                      • Sleep.KERNEL32(000493E0,?,?), ref: 10003D1B
                                      • Sleep.KERNEL32(?,?,?), ref: 10003D23
                                        • Part of subcall function 100035E0: _malloc.LIBCMT ref: 10003622
                                        • Part of subcall function 100035E0: _memset.LIBCMT ref: 10003656
                                        • Part of subcall function 100035E0: lstrlen.KERNEL32(00000000), ref: 1000366F
                                        • Part of subcall function 100035E0: lstrlen.KERNEL32(00000001), ref: 10003676
                                        • Part of subcall function 100035E0: lstrlen.KERNEL32(?), ref: 10003681
                                        • Part of subcall function 100035E0: lstrlen.KERNEL32(?), ref: 10003690
                                        • Part of subcall function 100035E0: lstrlen.KERNEL32(?), ref: 1000369F
                                        • Part of subcall function 1000544A: __lock.LIBCMT ref: 10005468
                                        • Part of subcall function 1000544A: ___sbh_find_block.LIBCMT ref: 10005473
                                        • Part of subcall function 1000544A: ___sbh_free_block.LIBCMT ref: 10005482
                                        • Part of subcall function 1000544A: HeapFree.KERNEL32(00000000,00000001,10014040,0000000C,10006CF5,00000000,10014130,0000000C,10006D2F,00000001,100080A1,?,1000E911,00000004,10014340,0000000C), ref: 100054B2
                                        • Part of subcall function 1000544A: GetLastError.KERNEL32 ref: 100054C3
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: lstrlen$Sleep$CreateErrorFileFreeHeapLast___sbh_find_block___sbh_free_block__lock_malloc_memset
                                      • String ID: 8686$contr.netmows.com
                                      • API String ID: 621558490-3196597963
                                      • Opcode ID: b5729765b97d915111ba425bfff4d59f5b8b256d07b64cc766cedeb3f2ffb0be
                                      • Instruction ID: 0a00253eec6a7a4423b11cc2afba81e1e5bfe017dc344672bac5d0897f6ad712
                                      • Opcode Fuzzy Hash: b5729765b97d915111ba425bfff4d59f5b8b256d07b64cc766cedeb3f2ffb0be
                                      • Instruction Fuzzy Hash: E2F0C2B61046017BE716DB148C91F6B73EDEBC4AC4F24851CF64547189EB70F949CBA2
                                      Function 100058DB Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                      Download Yara Rule
                                      APIs
                                      • _malloc.LIBCMT ref: 100058F5
                                        • Part of subcall function 1000523F: __FF_MSGBANNER.LIBCMT ref: 10005262
                                        • Part of subcall function 1000523F: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001), ref: 100052B6
                                      • std::bad_alloc::bad_alloc.LIBCMT ref: 10005918
                                        • Part of subcall function 10005871: std::exception::exception.LIBCMT ref: 1000587D
                                      • std::bad_exception::bad_exception.LIBCMT ref: 1000592C
                                      • __CxxThrowException@8.LIBCMT ref: 1000593A
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                      • String ID:
                                      • API String ID: 1411284514-0
                                      • Opcode ID: 4909aec7c2310be4d9b6bf0c1877b15ca13b04e7b0f4b3ea892b3e5f21f66464
                                      • Instruction ID: c4ce98d800f3adc1d18bda069480c67be2a1024ba762491d970c0a992892a227
                                      • Opcode Fuzzy Hash: 4909aec7c2310be4d9b6bf0c1877b15ca13b04e7b0f4b3ea892b3e5f21f66464
                                      • Instruction Fuzzy Hash: E8F0273840521976FF05D360EC4699F37D8DF812D5B118025FD006909BDF3BEAC08280
                                      Function 008985B8 Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      • __getptd.LIBCMT ref: 008985C4
                                        • Part of subcall function 0089335C: __getptd_noexit.LIBCMT ref: 0089335F
                                        • Part of subcall function 0089335C: __amsg_exit.LIBCMT ref: 0089336C
                                      • __getptd.LIBCMT ref: 008985DB
                                      • __amsg_exit.LIBCMT ref: 008985E9
                                      • __lock.LIBCMT ref: 008985F9
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                      • String ID:
                                      • API String ID: 3521780317-0
                                      • Opcode ID: b5bb38cb4d4cd2b707321def6482cf1fd4306b498bc0ec7f9d56ea7f3e13d40d
                                      • Instruction ID: c74fbb528c15b2f24e9cba092ae736c25c4bd484a2611b2c57a0cd0b5d4ca417
                                      • Opcode Fuzzy Hash: b5bb38cb4d4cd2b707321def6482cf1fd4306b498bc0ec7f9d56ea7f3e13d40d
                                      • Instruction Fuzzy Hash: 89F09032941705DBEF21BBB8980774D73A0FF02720F0D4249E055EB692CF749A459B97
                                      Function 1000A2EF Relevance: 6.0, APIs: 4, Instructions: 31COMMON
                                      Download Yara Rule
                                      APIs
                                      • __getptd.LIBCMT ref: 1000A2FB
                                        • Part of subcall function 100080FE: __getptd_noexit.LIBCMT ref: 10008101
                                        • Part of subcall function 100080FE: __amsg_exit.LIBCMT ref: 1000810E
                                      • __getptd.LIBCMT ref: 1000A312
                                      • __amsg_exit.LIBCMT ref: 1000A320
                                      • __lock.LIBCMT ref: 1000A330
                                      Memory Dump Source
                                      • Source File: 00000001.00000003.1745850751.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 00000001.00000003.1745836166.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010016000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 00000001.00000003.1745850751.0000000010020000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_3_10000000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                      • String ID:
                                      • API String ID: 3521780317-0
                                      • Opcode ID: 4dce794c3abb9fc3ed9643e70079c6227df86e6be215d7788557a72360c3c3b1
                                      • Instruction ID: 7776ec8e1991093e0d2b1327e5338a80a73d18ea2ac7c10ad069f1f5a6989d71
                                      • Opcode Fuzzy Hash: 4dce794c3abb9fc3ed9643e70079c6227df86e6be215d7788557a72360c3c3b1
                                      • Instruction Fuzzy Hash: 52F06D3AD406149BF260DB78C80674833E0FF013E0F618219F544AB6AACB74AB80CB52
                                      Function 00894A81 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                        • Part of subcall function 0088F05D: __getptd.LIBCMT ref: 0088F063
                                        • Part of subcall function 0088F05D: __getptd.LIBCMT ref: 0088F073
                                      • __getptd.LIBCMT ref: 00894A90
                                        • Part of subcall function 0089335C: __getptd_noexit.LIBCMT ref: 0089335F
                                        • Part of subcall function 0089335C: __amsg_exit.LIBCMT ref: 0089336C
                                      • __getptd.LIBCMT ref: 00894A9E
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: __getptd$__amsg_exit__getptd_noexit
                                      • String ID: csm
                                      • API String ID: 803148776-1018135373
                                      • Opcode ID: 08ae3d30f84b6224bb1b9e4acddda435e8f1fbde26ebaf411d3120ec5dda5281
                                      • Instruction ID: a19983c6b0f6a76b2f3ff87d3fb17c23dc8f72fc9ee2c3d8c098182fd667190b
                                      • Opcode Fuzzy Hash: 08ae3d30f84b6224bb1b9e4acddda435e8f1fbde26ebaf411d3120ec5dda5281
                                      • Instruction Fuzzy Hash: CA0128358402158FCF34FF28D440AAEB3F5FF14311F1C546AE455D6692DB718992DB46
                                      Function 0088642C Relevance: 5.1, APIs: 4, Instructions: 61COMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      • EnterCriticalSection.KERNEL32(?), ref: 0088648B
                                      • LeaveCriticalSection.KERNEL32(?), ref: 0088649B
                                      • LocalFree.KERNEL32(?), ref: 008864A4
                                      • TlsSetValue.KERNEL32(?,00000000), ref: 008864B6
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: CriticalSection$EnterFreeLeaveLocalValue
                                      • String ID:
                                      • API String ID: 2949335588-0
                                      • Opcode ID: fd3ba71388dc05806c902414ff7729bfd6be8c78f56fd2922e503799dfaa22c1
                                      • Instruction ID: ddbffabf125e9f35c4821202810223f6ff01247575ef42e7c047d7e26d1413b8
                                      • Opcode Fuzzy Hash: fd3ba71388dc05806c902414ff7729bfd6be8c78f56fd2922e503799dfaa22c1
                                      • Instruction Fuzzy Hash: F4117971600608EFEB24EF58D884FAAB7B4FF06315F108029E152C75A2DB71A960CF54
                                      Function 0088B9E8 Relevance: 5.0, APIs: 4, Instructions: 38COMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      • EnterCriticalSection.KERNEL32(008B9428,?,?,?,?,00885FCB,00000010,00000008,008854B9,0088545C,008835CF,008854C3,0088339D,00881D65), ref: 0088BA22
                                      • InitializeCriticalSection.KERNEL32(?,?,?,?,?,00885FCB,00000010,00000008,008854B9,0088545C,008835CF,008854C3,0088339D,00881D65), ref: 0088BA34
                                      • LeaveCriticalSection.KERNEL32(008B9428,?,?,?,?,00885FCB,00000010,00000008,008854B9,0088545C,008835CF,008854C3,0088339D,00881D65), ref: 0088BA41
                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,00885FCB,00000010,00000008,008854B9,0088545C,008835CF,008854C3,0088339D,00881D65), ref: 0088BA51
                                        • Part of subcall function 008847FB: __CxxThrowException@8.LIBCMT ref: 00884811
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: CriticalSection$Enter$Exception@8InitializeLeaveThrow
                                      • String ID:
                                      • API String ID: 3253506028-0
                                      • Opcode ID: 4c1e289a2232faa97c0082c565e988106bd4320d651d09bd94b91aae20ac0ffd
                                      • Instruction ID: d51b468d63e547e458fd6064b8106ed3ec83c4d1a8815c91ed4bdc2cb1d60ea8
                                      • Opcode Fuzzy Hash: 4c1e289a2232faa97c0082c565e988106bd4320d651d09bd94b91aae20ac0ffd
                                      • Instruction Fuzzy Hash: 2BF0F633A00209ABDB147B68EC45B99BB59FFD2320F410125E394C2352D7349882CF69
                                      Function 00885F44 Relevance: 5.0, APIs: 4, Instructions: 35COMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      • EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,00886586,?,00000004,0088549A,008835CF,008854C3,0088339D,00881D65), ref: 00885F52
                                      • TlsGetValue.KERNEL32(00000000,?,?,?,?,00886586,?,00000004,0088549A,008835CF,008854C3,0088339D,00881D65), ref: 00885F66
                                      • LeaveCriticalSection.KERNEL32(0000001C,?,?,?,?,00886586,?,00000004,0088549A,008835CF,008854C3,0088339D,00881D65), ref: 00885F7C
                                      • LeaveCriticalSection.KERNEL32(0000001C,?,?,?,?,00886586,?,00000004,0088549A,008835CF,008854C3,0088339D,00881D65), ref: 00885F87
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.1746155523.0000000000881000.00000020.00000001.01000000.00000005.sdmp, Offset: 00880000, based on PE: true
                                      • Associated: 00000001.00000002.1746141290.0000000000880000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746177055.00000000008A0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746192749.00000000008A8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746206819.00000000008AA000.00000008.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B7000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746225398.00000000008B9000.00000004.00000001.01000000.00000005.sdmpDownload File
                                      • Associated: 00000001.00000002.1746254637.00000000008BC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_880000_NvwmiShell.jbxd
                                      Similarity
                                      • API ID: CriticalSection$Leave$EnterValue
                                      • String ID:
                                      • API String ID: 3969253408-0
                                      • Opcode ID: 98261099a817d9c228259c93e47c437b39ccd2b04e9fdacd9296d16ad18f7041
                                      • Instruction ID: bdcb43a96278e2dfad9e3f7a9cb8767fb5918ed097b7e14fb438915242ffa8f2
                                      • Opcode Fuzzy Hash: 98261099a817d9c228259c93e47c437b39ccd2b04e9fdacd9296d16ad18f7041
                                      • Instruction Fuzzy Hash: 50F082362049049FE730AF68DC88D5AB7EDFF9536035A452AFA16D3612DA30F801CFA0

                                      Execution Graph

                                      Execution Coverage:9.6%
                                      Dynamic/Decrypted Code Coverage:52.7%
                                      Signature Coverage:0.6%
                                      Total number of Nodes:2000
                                      Total number of Limit Nodes:65
                                      execution_graph 9583 10002f20 WSAStartup 9588 10002c70 9583->9588 9587 10002f6e 9619 10003b40 9588->9619 9590 10002cbb lstrlen 9591 10002cd3 Sleep 9590->9591 9592 10002d17 9590->9592 9594 10003b40 123 API calls 9591->9594 9636 10003100 9592->9636 9595 10002d0b lstrlen 9594->9595 9595->9591 9595->9592 9598 10002e54 9660 10002bb0 9598->9660 9600 10002e6d 9601 10002e78 9600->9601 9603 10002ec7 9600->9603 9602 10002e95 9601->9602 9672 100028e0 9601->9672 9604 10003c98 __write_nolock 5 API calls 9602->9604 9603->9602 9605 10002ecb 9603->9605 9607 10002ea7 WSACleanup 9604->9607 9608 10002ee8 Sleep 9605->9608 9609 10002ecf 9605->9609 9611 10003c98 9607->9611 9608->9609 9610 100028e0 179 API calls 9609->9610 9610->9608 9612 10003ca0 9611->9612 9613 10003ca2 IsDebuggerPresent 9611->9613 9612->9587 11173 1000addb 9613->11173 9616 100054a5 SetUnhandledExceptionFilter UnhandledExceptionFilter 9617 100054c2 __invoke_watson 9616->9617 9618 100054ca GetCurrentProcess TerminateProcess 9616->9618 9617->9618 9618->9587 9692 10003890 InternetOpenA 9619->9692 9621 10003b5f 9622 10003b8e lstrlen 9621->9622 9633 10003c3a 9621->9633 9623 10003ba3 9622->9623 9624 10003bba 9622->9624 9724 10003d5b 9623->9724 9737 100030c0 9624->9737 9627 10003bad 9627->9590 9629 10003bdf 9630 10003be3 9629->9630 9632 10003c11 9629->9632 9634 10003d5b __setmbcp 66 API calls 9630->9634 9631 10003d5b __setmbcp 66 API calls 9631->9633 9632->9631 9633->9590 9635 10003c04 9634->9635 9635->9590 9637 10003e38 _malloc 66 API calls 9636->9637 9638 10003114 9637->9638 9639 10003121 GetAdaptersInfo 9638->9639 9640 10002d48 9638->9640 9641 10003131 9639->9641 9642 1000314e GetAdaptersInfo 9639->9642 9649 10002ae0 9640->9649 9644 10003d5b __setmbcp 66 API calls 9641->9644 9643 10003162 9642->9643 9643->9640 9647 10003d5b __setmbcp 66 API calls 9643->9647 9645 10003137 9644->9645 9646 10003e38 _malloc 66 API calls 9645->9646 9648 10003141 9646->9648 9647->9640 9648->9640 9648->9642 9650 10002b32 9649->9650 9651 10002b67 9650->9651 9653 10002b7c 9650->9653 10556 10003ca7 9650->10556 9654 10003c98 __write_nolock 5 API calls 9651->9654 9655 10003ca7 _sprintf 102 API calls 9653->9655 9656 10002b76 9654->9656 9657 10002b90 9655->9657 9656->9598 9658 10003c98 __write_nolock 5 API calls 9657->9658 9659 10002ba2 9658->9659 9659->9598 9661 10002c00 9660->9661 9662 10002c17 9661->9662 9663 10002c2c 9661->9663 9664 10003c98 __write_nolock 5 API calls 9662->9664 9665 10003ca7 _sprintf 102 API calls 9663->9665 9666 10002c26 9664->9666 9667 10002c3c 9665->9667 9666->9600 9668 10003ca7 _sprintf 102 API calls 9667->9668 9669 10002c4c 9668->9669 9670 10003c98 __write_nolock 5 API calls 9669->9670 9671 10002c5e 9670->9671 9671->9600 10816 10002800 GetCurrentProcess OpenProcessToken 9672->10816 9675 10002967 CreateSemaphoreA 9677 10002a93 9675->9677 9678 1000299e GetStdHandle 9675->9678 9676 10002a9f 9676->9602 10840 10002ac0 CloseHandle CloseHandle 9677->10840 9678->9677 9685 100029b4 9678->9685 9680 10002a56 WaitForSingleObject ReleaseSemaphore 9682 10002a88 9680->9682 9683 10002a7b Sleep 9680->9683 9681 100029c8 WaitForSingleObject 9684 10002a09 ReleaseSemaphore 9681->9684 9681->9685 9682->9677 9688 10002ab3 Sleep 9682->9688 9683->9677 9687 10002a1a 9684->9687 9685->9680 9685->9681 9686 100046b7 std::runtime_error::runtime_error 75 API calls 9685->9686 9689 100029e3 CreateThread CloseHandle 9686->9689 10823 10004443 9687->10823 9688->9680 9689->9687 10875 100025d0 9689->10875 9691 10002a3e Sleep 9691->9685 9693 1000390b InternetOpenUrlA 9692->9693 9710 10003904 9692->9710 9694 10003926 9693->9694 9693->9710 9742 10003e38 9694->9742 9696 10003c98 __write_nolock 5 API calls 9698 10003b36 9696->9698 9698->9621 9699 10003e38 _malloc 66 API calls 9700 10003940 _memset 9699->9700 9701 1000394e InternetReadFile 9700->9701 9702 100039ba InternetCloseHandle InternetCloseHandle 9701->9702 9711 1000396f _memset 9701->9711 9703 100039dc 9702->9703 9723 10003ae8 9702->9723 9706 100039f0 lstrlen 9703->9706 9705 10004e71 _realloc 72 API calls 9707 10003b02 9705->9707 9712 10003a17 _memset 9706->9712 9708 10003d5b __setmbcp 66 API calls 9707->9708 9708->9710 9710->9696 9713 10003999 InternetReadFile 9711->9713 9760 10004e71 9711->9760 9797 10003f10 9711->9797 9714 10003f10 _memcpy_s __VEC_memcpy 9712->9714 9712->9723 9713->9702 9713->9711 9715 10003a50 9714->9715 9715->9723 9801 10003780 MultiByteToWideChar 9715->9801 9723->9705 9725 10003d67 __setmbcp 9724->9725 9726 10003da6 9725->9726 9727 10003de0 _realloc __setmbcp 9725->9727 9729 10006688 __lock 64 API calls 9725->9729 9726->9727 9728 10003dbb HeapFree 9726->9728 9727->9627 9728->9727 9730 10003dcd 9728->9730 9732 10003d7e ___sbh_find_block 9729->9732 9731 1000641f _strcat_s 64 API calls 9730->9731 9733 10003dd2 GetLastError 9731->9733 9734 10003d98 9732->9734 10305 100066eb 9732->10305 9733->9727 10311 10003db1 9734->10311 10315 1000db7e 9737->10315 9739 100030f8 lstrlen 9739->9629 9740 100030d5 9740->9739 9741 1000db7e 101 API calls 9740->9741 9741->9740 9743 10003e4a 9742->9743 9744 10003eeb 9742->9744 9746 10003e5b 9743->9746 9752 10003934 9743->9752 9753 10003ea7 RtlAllocateHeap 9743->9753 9755 10003ed7 9743->9755 9758 10003edc 9743->9758 9871 10003de9 9743->9871 9879 100076df 9743->9879 9745 100076df _realloc 6 API calls 9744->9745 9747 10003ef1 9745->9747 9746->9743 9825 10007697 9746->9825 9834 100074ec 9746->9834 9868 1000725d 9746->9868 9749 1000641f _strcat_s 65 API calls 9747->9749 9749->9752 9752->9699 9753->9743 9882 1000641f 9755->9882 9759 1000641f _strcat_s 65 API calls 9758->9759 9759->9752 9761 10004e7d __setmbcp 9760->9761 9762 10004e92 9761->9762 9763 10004e84 9761->9763 9764 10004ea5 9762->9764 9765 10004e99 9762->9765 9766 10003e38 _malloc 66 API calls 9763->9766 9773 10005017 9764->9773 9774 10004eb2 ___sbh_resize_block ___sbh_find_block 9764->9774 9767 10003d5b __setmbcp 66 API calls 9765->9767 9768 10004e8c _realloc __setmbcp 9766->9768 9767->9768 9768->9711 9769 1000504a 9772 100076df _realloc 6 API calls 9769->9772 9770 1000501c RtlReAllocateHeap 9770->9768 9770->9773 9771 10006688 __lock 66 API calls 9771->9774 9775 10005050 9772->9775 9773->9769 9773->9770 9776 1000506e 9773->9776 9778 100076df _realloc 6 API calls 9773->9778 9780 10005064 9773->9780 9774->9768 9774->9769 9774->9771 9784 10004f3d RtlAllocateHeap 9774->9784 9786 10004f92 RtlReAllocateHeap 9774->9786 9787 10006e9a ___sbh_alloc_block 5 API calls 9774->9787 9788 10004ffd 9774->9788 9789 100076df _realloc 6 API calls 9774->9789 9791 10004fe0 9774->9791 9792 10003f10 __VEC_memcpy _memcpy_s 9774->9792 9796 100066eb VirtualFree VirtualFree HeapFree ___sbh_free_block 9774->9796 10144 10004fb5 9774->10144 9777 1000641f _strcat_s 66 API calls 9775->9777 9776->9768 9779 1000641f _strcat_s 66 API calls 9776->9779 9777->9768 9778->9773 9781 10005077 GetLastError 9779->9781 9783 1000641f _strcat_s 66 API calls 9780->9783 9781->9768 9795 10004fe5 9783->9795 9784->9774 9785 10004fea GetLastError 9785->9768 9786->9774 9787->9774 9788->9768 9790 1000641f _strcat_s 66 API calls 9788->9790 9789->9774 9793 1000500a 9790->9793 9794 1000641f _strcat_s 66 API calls 9791->9794 9792->9774 9793->9768 9793->9781 9794->9795 9795->9768 9795->9785 9796->9774 9798 10003f28 9797->9798 9799 10003f4f __VEC_memcpy 9798->9799 9800 10003f57 9798->9800 9799->9800 9800->9711 10148 10004e66 9801->10148 9885 1000c036 9825->9885 9828 100074ec __NMSG_WRITE 66 API calls 9830 100076c3 9828->9830 9829 1000c036 __set_error_mode 66 API calls 9831 100076ab 9829->9831 9833 100074ec __NMSG_WRITE 66 API calls 9830->9833 9831->9828 9832 100076cd 9831->9832 9832->9746 9833->9832 9835 10007500 9834->9835 9836 1000c036 __set_error_mode 63 API calls 9835->9836 9867 1000765b 9835->9867 9837 10007522 9836->9837 9838 10007660 GetStdHandle 9837->9838 9840 1000c036 __set_error_mode 63 API calls 9837->9840 9839 1000766e _strlen 9838->9839 9838->9867 9843 10007687 WriteFile 9839->9843 9839->9867 9841 10007533 9840->9841 9841->9838 9842 10007545 9841->9842 9842->9867 9908 1000879e 9842->9908 9843->9867 9846 1000757b GetModuleFileNameA 9848 10007599 9846->9848 9852 100075bc _strlen 9846->9852 9850 1000879e _strcpy_s 63 API calls 9848->9850 9851 100075a9 9850->9851 9851->9852 9853 1000628f __invoke_watson 10 API calls 9851->9853 9864 100075ff 9852->9864 9924 1000bf81 9852->9924 9853->9852 9858 10007623 9859 1000bf0d _strcat_s 63 API calls 9858->9859 9863 10007637 9859->9863 9860 1000628f __invoke_watson 10 API calls 9860->9858 9861 1000628f __invoke_watson 10 API calls 9861->9864 9862 10007648 9942 1000bda4 9862->9942 9863->9862 9865 1000628f __invoke_watson 10 API calls 9863->9865 9933 1000bf0d 9864->9933 9865->9862 9867->9746 9984 10007232 GetModuleHandleW 9868->9984 9872 10003df5 __setmbcp 9871->9872 9873 10003e26 __setmbcp 9872->9873 9987 10006688 9872->9987 9873->9743 9875 10003e0b 9994 10006e9a 9875->9994 9880 10007a91 __decode_pointer 6 API calls 9879->9880 9881 100076ef 9880->9881 9881->9743 10062 10007c64 GetLastError 9882->10062 9884 10006424 9884->9758 9886 1000c045 9885->9886 9887 1000769e 9886->9887 9888 1000641f _strcat_s 66 API calls 9886->9888 9887->9829 9887->9831 9889 1000c068 9888->9889 9891 100063b7 9889->9891 9894 10007a91 TlsGetValue 9891->9894 9893 100063c7 __invoke_watson 9895 10007aa9 9894->9895 9896 10007aca GetModuleHandleW 9894->9896 9895->9896 9897 10007ab3 TlsGetValue 9895->9897 9898 10007ae5 GetProcAddress 9896->9898 9899 10007ada 9896->9899 9902 10007abe 9897->9902 9901 10007ac2 9898->9901 9904 100071d9 9899->9904 9901->9893 9902->9896 9902->9901 9905 100071e4 Sleep GetModuleHandleW 9904->9905 9906 10007202 9905->9906 9907 10007206 9905->9907 9906->9905 9906->9907 9907->9898 9907->9901 9909 100087b6 9908->9909 9910 100087af 9908->9910 9911 1000641f _strcat_s 66 API calls 9909->9911 9910->9909 9915 100087dc 9910->9915 9912 100087bb 9911->9912 9913 100063b7 _strcat_s 6 API calls 9912->9913 9914 10007567 9913->9914 9914->9846 9917 1000628f 9914->9917 9915->9914 9916 1000641f _strcat_s 66 API calls 9915->9916 9916->9912 9969 10004280 9917->9969 9919 100062bc IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 9920 10006398 GetCurrentProcess TerminateProcess 9919->9920 9921 1000638c __invoke_watson 9919->9921 9922 10003c98 __write_nolock 5 API calls 9920->9922 9921->9920 9923 100063b5 9922->9923 9923->9846 9928 1000bf93 9924->9928 9925 1000bf97 9926 100075ec 9925->9926 9927 1000641f _strcat_s 66 API calls 9925->9927 9926->9861 9926->9864 9932 1000bfb3 9927->9932 9928->9925 9928->9926 9930 1000bfdd 9928->9930 9929 100063b7 _strcat_s 6 API calls 9929->9926 9930->9926 9931 1000641f _strcat_s 66 API calls 9930->9931 9931->9932 9932->9929 9934 1000bf25 9933->9934 9937 1000bf1e 9933->9937 9935 1000641f _strcat_s 66 API calls 9934->9935 9936 1000bf2a 9935->9936 9938 100063b7 _strcat_s 6 API calls 9936->9938 9937->9934 9939 1000bf59 9937->9939 9940 10007612 9938->9940 9939->9940 9941 1000641f _strcat_s 66 API calls 9939->9941 9940->9858 9940->9860 9941->9936 9971 10007a88 9942->9971 9945 1000bdc7 LoadLibraryA 9946 1000bddc GetProcAddress 9945->9946 9955 1000bef1 9945->9955 9948 1000bdf2 9946->9948 9946->9955 9947 1000be4f 9950 10007a91 __decode_pointer 6 API calls 9947->9950 9964 1000be79 9947->9964 9974 10007a16 TlsGetValue 9948->9974 9949 10007a91 __decode_pointer 6 API calls 9961 1000bebc 9949->9961 9953 1000be6c 9950->9953 9952 10007a91 __decode_pointer 6 API calls 9952->9955 9956 10007a91 __decode_pointer 6 API calls 9953->9956 9955->9867 9956->9964 9957 10007a16 __encode_pointer 6 API calls 9958 1000be0d GetProcAddress 9957->9958 9959 10007a16 __encode_pointer 6 API calls 9958->9959 9960 1000be22 GetProcAddress 9959->9960 9962 10007a16 __encode_pointer 6 API calls 9960->9962 9963 10007a91 __decode_pointer 6 API calls 9961->9963 9966 1000bea4 9961->9966 9965 1000be37 9962->9965 9963->9966 9964->9949 9964->9966 9965->9947 9967 1000be41 GetProcAddress 9965->9967 9966->9952 9968 10007a16 __encode_pointer 6 API calls 9967->9968 9968->9947 9970 1000428c __VEC_memzero 9969->9970 9970->9919 9972 10007a16 __encode_pointer 6 API calls 9971->9972 9973 10007a8f 9972->9973 9973->9945 9973->9947 9975 10007a2e 9974->9975 9976 10007a4f GetModuleHandleW 9974->9976 9975->9976 9977 10007a38 TlsGetValue 9975->9977 9978 10007a6a GetProcAddress 9976->9978 9979 10007a5f 9976->9979 9982 10007a43 9977->9982 9981 10007a47 GetProcAddress 9978->9981 9980 100071d9 __crt_waiting_on_module_handle 2 API calls 9979->9980 9983 10007a65 9980->9983 9981->9957 9982->9976 9982->9981 9983->9978 9983->9981 9985 10007246 GetProcAddress 9984->9985 9986 10007256 ExitProcess 9984->9986 9985->9986 9988 100066b0 RtlEnterCriticalSection 9987->9988 9989 1000669d 9987->9989 9988->9875 10003 100065c5 9989->10003 9991 100066a3 9991->9988 10029 10007209 9991->10029 9996 10006ec8 9994->9996 9995 10006f61 9999 10003e16 9995->9999 10057 10006ab1 9995->10057 9996->9995 9996->9999 10050 10006a01 9996->10050 10000 10003e2f 9999->10000 10061 100065ae RtlLeaveCriticalSection 10000->10061 10002 10003e36 10002->9873 10004 100065d1 __setmbcp 10003->10004 10005 10007697 __FF_MSGBANNER 66 API calls 10004->10005 10018 100065f7 10004->10018 10006 100065e6 10005->10006 10009 100074ec __NMSG_WRITE 66 API calls 10006->10009 10007 10006607 __setmbcp 10007->9991 10011 100065ed 10009->10011 10010 10006612 10012 10006628 10010->10012 10013 10006619 10010->10013 10015 1000725d __mtinitlocknum 3 API calls 10011->10015 10014 10006688 __lock 66 API calls 10012->10014 10016 1000641f _strcat_s 66 API calls 10013->10016 10017 1000662f 10014->10017 10015->10018 10016->10007 10019 10006663 10017->10019 10020 10006637 10017->10020 10018->10007 10036 10008021 10018->10036 10022 10003d5b __setmbcp 66 API calls 10019->10022 10041 1000bb14 10020->10041 10024 10006654 10022->10024 10023 10006642 10023->10024 10026 10003d5b __setmbcp 66 API calls 10023->10026 10045 1000667f 10024->10045 10027 1000664e 10026->10027 10028 1000641f _strcat_s 66 API calls 10027->10028 10028->10024 10030 10007697 __FF_MSGBANNER 66 API calls 10029->10030 10031 10007213 10030->10031 10032 100074ec __NMSG_WRITE 66 API calls 10031->10032 10033 1000721b 10032->10033 10034 10007a91 __decode_pointer 6 API calls 10033->10034 10035 100066af 10034->10035 10035->9988 10037 1000802a 10036->10037 10038 10003e38 _malloc 65 API calls 10037->10038 10039 10008060 10037->10039 10040 10008041 Sleep 10037->10040 10038->10037 10039->10010 10040->10037 10048 10007180 10041->10048 10043 1000bb20 InitializeCriticalSectionAndSpinCount 10044 1000bb64 __setmbcp 10043->10044 10044->10023 10049 100065ae RtlLeaveCriticalSection 10045->10049 10047 10006686 10047->10007 10048->10043 10049->10047 10051 10006a14 RtlReAllocateHeap 10050->10051 10052 10006a48 RtlAllocateHeap 10050->10052 10053 10006a32 10051->10053 10055 10006a36 10051->10055 10052->10053 10054 10006a6b VirtualAlloc 10052->10054 10053->9995 10054->10053 10056 10006a85 HeapFree 10054->10056 10055->10052 10056->10053 10058 10006ac8 VirtualAlloc 10057->10058 10060 10006b0f 10058->10060 10060->9999 10061->10002 10077 10007b0c TlsGetValue 10062->10077 10065 10007cd1 SetLastError 10065->9884 10068 10007c97 10069 10007a91 __decode_pointer 6 API calls 10068->10069 10070 10007ca9 10069->10070 10071 10007cb0 10070->10071 10072 10007cc8 10070->10072 10088 10007b7d 10071->10088 10073 10003d5b __setmbcp 63 API calls 10072->10073 10076 10007cce 10073->10076 10075 10007cb8 GetCurrentThreadId 10075->10065 10076->10065 10078 10007b21 10077->10078 10079 10007b3c 10077->10079 10080 10007a91 __decode_pointer 6 API calls 10078->10080 10079->10065 10082 10008066 10079->10082 10081 10007b2c TlsSetValue 10080->10081 10081->10079 10084 1000806f 10082->10084 10085 10007c8f 10084->10085 10086 1000808d Sleep 10084->10086 10106 1000c081 10084->10106 10085->10065 10085->10068 10087 100080a2 10086->10087 10087->10084 10087->10085 10123 10007180 10088->10123 10090 10007b89 GetModuleHandleW 10091 10007b9f 10090->10091 10092 10007b99 10090->10092 10094 10007bb7 GetProcAddress GetProcAddress 10091->10094 10095 10007bdb 10091->10095 10093 100071d9 __crt_waiting_on_module_handle 2 API calls 10092->10093 10093->10091 10094->10095 10096 10006688 __lock 62 API calls 10095->10096 10097 10007bfa InterlockedIncrement 10096->10097 10124 10007c52 10097->10124 10100 10006688 __lock 62 API calls 10101 10007c1b 10100->10101 10127 1000a1d8 InterlockedIncrement 10101->10127 10103 10007c39 10139 10007c5b 10103->10139 10105 10007c46 __setmbcp 10105->10075 10107 1000c08d __setmbcp 10106->10107 10108 1000c0a5 10107->10108 10118 1000c0c4 _memset 10107->10118 10109 1000641f _strcat_s 65 API calls 10108->10109 10110 1000c0aa 10109->10110 10111 100063b7 _strcat_s 6 API calls 10110->10111 10113 1000c0ba __setmbcp 10111->10113 10112 1000c136 RtlAllocateHeap 10112->10118 10113->10084 10114 100076df _realloc 6 API calls 10114->10118 10115 10006688 __lock 65 API calls 10115->10118 10116 10006e9a ___sbh_alloc_block 5 API calls 10116->10118 10118->10112 10118->10113 10118->10114 10118->10115 10118->10116 10119 1000c17d 10118->10119 10122 100065ae RtlLeaveCriticalSection 10119->10122 10121 1000c184 10121->10118 10122->10121 10123->10090 10142 100065ae RtlLeaveCriticalSection 10124->10142 10126 10007c14 10126->10100 10128 1000a1f6 InterlockedIncrement 10127->10128 10129 1000a1f9 10127->10129 10128->10129 10130 1000a203 InterlockedIncrement 10129->10130 10131 1000a206 10129->10131 10130->10131 10132 1000a210 InterlockedIncrement 10131->10132 10133 1000a213 10131->10133 10132->10133 10134 1000a21d InterlockedIncrement 10133->10134 10135 1000a220 10133->10135 10134->10135 10136 1000a239 InterlockedIncrement 10135->10136 10137 1000a249 InterlockedIncrement 10135->10137 10138 1000a254 InterlockedIncrement 10135->10138 10136->10135 10137->10135 10138->10103 10143 100065ae RtlLeaveCriticalSection 10139->10143 10141 10007c62 10141->10105 10142->10126 10143->10141 10147 100065ae RtlLeaveCriticalSection 10144->10147 10146 10004fbc 10146->9774 10147->10146 10306 1000672a 10305->10306 10310 100069cc ___sbh_free_block 10305->10310 10307 10006916 VirtualFree 10306->10307 10306->10310 10308 1000697a 10307->10308 10309 10006989 VirtualFree HeapFree 10308->10309 10308->10310 10309->10310 10310->9734 10314 100065ae RtlLeaveCriticalSection 10311->10314 10313 10003db8 10313->9726 10314->10313 10316 1000dbc0 10315->10316 10317 1000db8e 10315->10317 10324 1000da8c 10316->10324 10317->10316 10319 1000db93 10317->10319 10321 1000641f _strcat_s 66 API calls 10319->10321 10320 1000dba8 10320->9740 10322 1000db98 10321->10322 10323 100063b7 _strcat_s 6 API calls 10322->10323 10323->10320 10325 1000daa2 10324->10325 10338 1000dac7 ___ascii_strnicmp 10324->10338 10340 10004dd4 10325->10340 10328 1000dab2 10330 1000641f _strcat_s 66 API calls 10328->10330 10329 1000dae7 10331 1000daf1 10329->10331 10339 1000db19 10329->10339 10332 1000dab7 10330->10332 10333 1000641f _strcat_s 66 API calls 10331->10333 10334 100063b7 _strcat_s 6 API calls 10332->10334 10335 1000daf6 10333->10335 10334->10338 10336 100063b7 _strcat_s 6 API calls 10335->10336 10336->10338 10337 1000ddc2 101 API calls __tolower_l 10337->10339 10338->10320 10339->10337 10339->10338 10341 10004de7 10340->10341 10347 10004e34 10340->10347 10348 10007cdd 10341->10348 10344 10004e14 10344->10347 10368 10009bd2 10344->10368 10347->10328 10347->10329 10349 10007c64 __getptd_noexit 66 API calls 10348->10349 10350 10007ce5 10349->10350 10351 10004dec 10350->10351 10352 10007209 __amsg_exit 66 API calls 10350->10352 10351->10344 10353 1000a33e 10351->10353 10352->10351 10354 1000a34a __setmbcp 10353->10354 10355 10007cdd __getptd 66 API calls 10354->10355 10356 1000a34f 10355->10356 10357 1000a37d 10356->10357 10359 1000a361 10356->10359 10358 10006688 __lock 66 API calls 10357->10358 10360 1000a384 10358->10360 10361 10007cdd __getptd 66 API calls 10359->10361 10384 1000a300 10360->10384 10363 1000a366 10361->10363 10366 1000a374 __setmbcp 10363->10366 10367 10007209 __amsg_exit 66 API calls 10363->10367 10366->10344 10367->10366 10369 10009bde __setmbcp 10368->10369 10370 10007cdd __getptd 66 API calls 10369->10370 10371 10009be3 10370->10371 10372 10009bf5 10371->10372 10373 10006688 __lock 66 API calls 10371->10373 10376 10009c03 __setmbcp 10372->10376 10380 10007209 __amsg_exit 66 API calls 10372->10380 10374 10009c13 10373->10374 10375 10009c5c 10374->10375 10377 10009c44 InterlockedIncrement 10374->10377 10378 10009c2a InterlockedDecrement 10374->10378 10552 10009c6d 10375->10552 10376->10347 10377->10375 10378->10377 10381 10009c35 10378->10381 10380->10376 10381->10377 10382 10003d5b __setmbcp 66 API calls 10381->10382 10383 10009c43 10382->10383 10383->10377 10385 1000a336 10384->10385 10386 1000a304 10384->10386 10392 1000a3a8 10385->10392 10386->10385 10387 1000a1d8 ___addlocaleref 8 API calls 10386->10387 10388 1000a317 10387->10388 10388->10385 10395 1000a267 10388->10395 10551 100065ae RtlLeaveCriticalSection 10392->10551 10394 1000a3af 10394->10363 10396 1000a278 InterlockedDecrement 10395->10396 10397 1000a2fb 10395->10397 10398 1000a290 10396->10398 10399 1000a28d InterlockedDecrement 10396->10399 10397->10385 10409 1000a08f 10397->10409 10400 1000a29a InterlockedDecrement 10398->10400 10401 1000a29d 10398->10401 10399->10398 10400->10401 10402 1000a2a7 InterlockedDecrement 10401->10402 10403 1000a2aa 10401->10403 10402->10403 10404 1000a2b4 InterlockedDecrement 10403->10404 10406 1000a2b7 10403->10406 10404->10406 10405 1000a2d0 InterlockedDecrement 10405->10406 10406->10405 10407 1000a2e0 InterlockedDecrement 10406->10407 10408 1000a2eb InterlockedDecrement 10406->10408 10407->10406 10408->10397 10410 1000a0a6 10409->10410 10411 1000a113 10409->10411 10410->10411 10414 1000a0da 10410->10414 10423 10003d5b __setmbcp 66 API calls 10410->10423 10412 1000a160 10411->10412 10413 10003d5b __setmbcp 66 API calls 10411->10413 10420 1000a187 10412->10420 10463 1000ccb7 10412->10463 10416 1000a134 10413->10416 10418 1000a0fb 10414->10418 10429 10003d5b __setmbcp 66 API calls 10414->10429 10419 10003d5b __setmbcp 66 API calls 10416->10419 10421 10003d5b __setmbcp 66 API calls 10418->10421 10425 1000a147 10419->10425 10422 1000a1cc 10420->10422 10433 10003d5b 66 API calls __setmbcp 10420->10433 10426 1000a108 10421->10426 10427 10003d5b __setmbcp 66 API calls 10422->10427 10428 1000a0cf 10423->10428 10424 10003d5b __setmbcp 66 API calls 10424->10420 10430 10003d5b __setmbcp 66 API calls 10425->10430 10434 10003d5b __setmbcp 66 API calls 10426->10434 10435 1000a1d2 10427->10435 10439 1000ce91 10428->10439 10431 1000a0f0 10429->10431 10432 1000a155 10430->10432 10455 1000ce4c 10431->10455 10438 10003d5b __setmbcp 66 API calls 10432->10438 10433->10420 10434->10411 10435->10385 10438->10412 10440 1000ce9e 10439->10440 10454 1000cf1b 10439->10454 10441 1000ceaf 10440->10441 10442 10003d5b __setmbcp 66 API calls 10440->10442 10443 1000cec1 10441->10443 10444 10003d5b __setmbcp 66 API calls 10441->10444 10442->10441 10445 1000ced3 10443->10445 10446 10003d5b __setmbcp 66 API calls 10443->10446 10444->10443 10447 1000cee5 10445->10447 10449 10003d5b __setmbcp 66 API calls 10445->10449 10446->10445 10448 1000cef7 10447->10448 10450 10003d5b __setmbcp 66 API calls 10447->10450 10451 1000cf09 10448->10451 10452 10003d5b __setmbcp 66 API calls 10448->10452 10449->10447 10450->10448 10453 10003d5b __setmbcp 66 API calls 10451->10453 10451->10454 10452->10451 10453->10454 10454->10414 10456 1000ce59 10455->10456 10462 1000ce8d 10455->10462 10457 10003d5b __setmbcp 66 API calls 10456->10457 10459 1000ce69 10456->10459 10457->10459 10458 1000ce7b 10461 10003d5b __setmbcp 66 API calls 10458->10461 10458->10462 10459->10458 10460 10003d5b __setmbcp 66 API calls 10459->10460 10460->10458 10461->10462 10462->10418 10464 1000ccc8 10463->10464 10465 1000a180 10463->10465 10466 10003d5b __setmbcp 66 API calls 10464->10466 10465->10424 10467 1000ccd0 10466->10467 10468 10003d5b __setmbcp 66 API calls 10467->10468 10469 1000ccd8 10468->10469 10470 10003d5b __setmbcp 66 API calls 10469->10470 10471 1000cce0 10470->10471 10472 10003d5b __setmbcp 66 API calls 10471->10472 10473 1000cce8 10472->10473 10474 10003d5b __setmbcp 66 API calls 10473->10474 10475 1000ccf0 10474->10475 10476 10003d5b __setmbcp 66 API calls 10475->10476 10477 1000ccf8 10476->10477 10478 10003d5b __setmbcp 66 API calls 10477->10478 10479 1000ccff 10478->10479 10480 10003d5b __setmbcp 66 API calls 10479->10480 10481 1000cd07 10480->10481 10482 10003d5b __setmbcp 66 API calls 10481->10482 10483 1000cd0f 10482->10483 10484 10003d5b __setmbcp 66 API calls 10483->10484 10485 1000cd17 10484->10485 10486 10003d5b __setmbcp 66 API calls 10485->10486 10487 1000cd1f 10486->10487 10488 10003d5b __setmbcp 66 API calls 10487->10488 10489 1000cd27 10488->10489 10490 10003d5b __setmbcp 66 API calls 10489->10490 10491 1000cd2f 10490->10491 10492 10003d5b __setmbcp 66 API calls 10491->10492 10493 1000cd37 10492->10493 10494 10003d5b __setmbcp 66 API calls 10493->10494 10495 1000cd3f 10494->10495 10496 10003d5b __setmbcp 66 API calls 10495->10496 10497 1000cd47 10496->10497 10498 10003d5b __setmbcp 66 API calls 10497->10498 10499 1000cd52 10498->10499 10500 10003d5b __setmbcp 66 API calls 10499->10500 10501 1000cd5a 10500->10501 10502 10003d5b __setmbcp 66 API calls 10501->10502 10503 1000cd62 10502->10503 10504 10003d5b __setmbcp 66 API calls 10503->10504 10505 1000cd6a 10504->10505 10506 10003d5b __setmbcp 66 API calls 10505->10506 10507 1000cd72 10506->10507 10551->10394 10555 100065ae RtlLeaveCriticalSection 10552->10555 10554 10009c74 10554->10372 10555->10554 10557 10003cd4 10556->10557 10558 10003cb7 10556->10558 10557->10558 10560 10003cdb 10557->10560 10559 1000641f _strcat_s 66 API calls 10558->10559 10561 10003cbc 10559->10561 10567 100056e8 10560->10567 10563 100063b7 _strcat_s 6 API calls 10561->10563 10565 10003ccc 10563->10565 10564 10003d01 10564->10565 10596 100054de 10564->10596 10565->9650 10568 10004dd4 _LocaleUpdate::_LocaleUpdate 76 API calls 10567->10568 10569 1000574f 10568->10569 10570 10005753 10569->10570 10587 10005794 __output_l __aulldvrm _strlen 10569->10587 10617 1000b83d 10569->10617 10571 1000641f _strcat_s 66 API calls 10570->10571 10572 10005758 10571->10572 10574 100063b7 _strcat_s 6 API calls 10572->10574 10575 1000576a 10574->10575 10576 10003c98 __write_nolock 5 API calls 10575->10576 10577 1000625d 10576->10577 10577->10564 10579 10005642 100 API calls __output_l 10579->10587 10580 10005d82 10589 10005b38 10580->10589 10581 10005afb 10581->10580 10584 10005d9b 10581->10584 10581->10589 10582 10003d5b __setmbcp 66 API calls 10582->10587 10583 10007a91 __decode_pointer 6 API calls 10591 10005e36 10583->10591 10588 10008021 __malloc_crt 66 API calls 10584->10588 10584->10589 10585 1000569b 100 API calls _write_string 10585->10587 10586 1000b9fc 78 API calls __cftof 10586->10587 10587->10570 10587->10575 10587->10579 10587->10581 10587->10582 10587->10585 10587->10586 10595 10005675 100 API calls _write_multi_char 10587->10595 10623 1000ba19 10587->10623 10588->10589 10589->10583 10590 10005e65 10592 10005e8a 10590->10592 10594 10007a91 __decode_pointer 6 API calls 10590->10594 10591->10590 10593 10007a91 __decode_pointer 6 API calls 10591->10593 10592->10564 10593->10590 10594->10592 10595->10587 10597 1000b83d __fileno 66 API calls 10596->10597 10598 100054ee 10597->10598 10599 10005510 10598->10599 10600 100054f9 10598->10600 10602 10005514 10599->10602 10610 10005521 __flsbuf 10599->10610 10601 1000641f _strcat_s 66 API calls 10600->10601 10603 100054fe 10601->10603 10604 1000641f _strcat_s 66 API calls 10602->10604 10603->10565 10604->10603 10605 10005611 10607 1000b6b4 __locking 100 API calls 10605->10607 10606 10005591 10608 100055a8 10606->10608 10612 100055c5 10606->10612 10607->10603 10638 1000b6b4 10608->10638 10610->10603 10613 10005577 10610->10613 10616 10005582 10610->10616 10626 1000b7d9 10610->10626 10612->10603 10663 1000ae68 10612->10663 10613->10616 10635 1000b790 10613->10635 10616->10605 10616->10606 10618 1000b861 10617->10618 10619 1000b84c 10617->10619 10618->10587 10620 1000641f _strcat_s 66 API calls 10619->10620 10621 1000b851 10620->10621 10622 100063b7 _strcat_s 6 API calls 10621->10622 10622->10618 10624 10004dd4 _LocaleUpdate::_LocaleUpdate 76 API calls 10623->10624 10625 1000ba2c 10624->10625 10625->10587 10627 1000b7f5 10626->10627 10628 1000b7e6 10626->10628 10631 1000b819 10627->10631 10632 1000641f _strcat_s 66 API calls 10627->10632 10629 1000641f _strcat_s 66 API calls 10628->10629 10630 1000b7eb 10629->10630 10630->10613 10631->10613 10633 1000b809 10632->10633 10634 100063b7 _strcat_s 6 API calls 10633->10634 10634->10631 10636 10008021 __malloc_crt 66 API calls 10635->10636 10637 1000b7a5 10636->10637 10637->10616 10639 1000b6c0 __setmbcp 10638->10639 10640 1000b6c8 10639->10640 10643 1000b6e3 10639->10643 10770 10006432 10640->10770 10642 1000b6f1 10645 10006432 __write_nolock 66 API calls 10642->10645 10643->10642 10646 1000b732 10643->10646 10648 1000b6f6 10645->10648 10695 1000d167 10646->10695 10647 1000641f _strcat_s 66 API calls 10656 1000b6d5 __setmbcp 10647->10656 10650 1000641f _strcat_s 66 API calls 10648->10650 10652 1000b6fd 10650->10652 10651 1000b738 10653 1000b745 10651->10653 10654 1000b75b 10651->10654 10655 100063b7 _strcat_s 6 API calls 10652->10655 10705 1000af81 10653->10705 10658 1000641f _strcat_s 66 API calls 10654->10658 10655->10656 10656->10603 10660 1000b760 10658->10660 10659 1000b753 10773 1000b786 10659->10773 10661 10006432 __write_nolock 66 API calls 10660->10661 10661->10659 10664 1000ae74 __setmbcp 10663->10664 10665 1000aea1 10664->10665 10666 1000ae85 10664->10666 10667 1000aeaf 10665->10667 10669 1000aed0 10665->10669 10668 10006432 __write_nolock 66 API calls 10666->10668 10670 10006432 __write_nolock 66 API calls 10667->10670 10671 1000ae8a 10668->10671 10673 1000aef0 10669->10673 10674 1000af16 10669->10674 10672 1000aeb4 10670->10672 10675 1000641f _strcat_s 66 API calls 10671->10675 10677 1000641f _strcat_s 66 API calls 10672->10677 10678 10006432 __write_nolock 66 API calls 10673->10678 10676 1000d167 ___lock_fhandle 67 API calls 10674->10676 10679 1000ae92 __setmbcp 10675->10679 10680 1000af1c 10676->10680 10681 1000aebb 10677->10681 10682 1000aef5 10678->10682 10679->10603 10683 1000af45 10680->10683 10684 1000af29 10680->10684 10685 100063b7 _strcat_s 6 API calls 10681->10685 10686 1000641f _strcat_s 66 API calls 10682->10686 10688 1000641f _strcat_s 66 API calls 10683->10688 10687 1000ade3 __lseeki64_nolock 68 API calls 10684->10687 10685->10679 10689 1000aefc 10686->10689 10692 1000af3a 10687->10692 10690 1000af4a 10688->10690 10691 100063b7 _strcat_s 6 API calls 10689->10691 10693 10006432 __write_nolock 66 API calls 10690->10693 10691->10679 10812 1000af77 10692->10812 10693->10692 10696 1000d173 __setmbcp 10695->10696 10697 1000d1ce 10696->10697 10700 10006688 __lock 66 API calls 10696->10700 10698 1000d1f0 __setmbcp 10697->10698 10699 1000d1d3 RtlEnterCriticalSection 10697->10699 10698->10651 10699->10698 10701 1000d19f 10700->10701 10702 1000d1b6 10701->10702 10704 1000bb14 __mtinitlocknum InitializeCriticalSectionAndSpinCount 10701->10704 10776 1000d1fe 10702->10776 10704->10702 10706 1000af90 __write_nolock 10705->10706 10707 1000afc2 10706->10707 10708 1000afe9 10706->10708 10741 1000afb7 10706->10741 10710 10006432 __write_nolock 66 API calls 10707->10710 10711 1000b051 10708->10711 10712 1000b02b 10708->10712 10709 10003c98 __write_nolock 5 API calls 10713 1000b6b2 10709->10713 10714 1000afc7 10710->10714 10716 1000b057 10711->10716 10717 1000b068 10711->10717 10715 10006432 __write_nolock 66 API calls 10712->10715 10713->10659 10718 1000641f _strcat_s 66 API calls 10714->10718 10719 1000b030 10715->10719 10780 1000ade3 10716->10780 10722 1000b7d9 __write_nolock 66 API calls 10717->10722 10721 1000afce 10718->10721 10724 1000641f _strcat_s 66 API calls 10719->10724 10726 100063b7 _strcat_s 6 API calls 10721->10726 10723 1000b070 10722->10723 10727 1000b316 10723->10727 10732 10007cdd __getptd 66 API calls 10723->10732 10728 1000b039 10724->10728 10726->10741 10730 1000b5e5 WriteFile 10727->10730 10731 1000b326 10727->10731 10729 100063b7 _strcat_s 6 API calls 10728->10729 10729->10741 10735 1000b4df 10730->10735 10736 1000b618 GetLastError 10730->10736 10733 1000b404 10731->10733 10759 1000b33a 10731->10759 10734 1000b08b GetConsoleMode 10732->10734 10744 1000b413 10733->10744 10748 1000b4e4 10733->10748 10734->10727 10738 1000b0b6 10734->10738 10739 1000b2f8 10735->10739 10736->10739 10737 1000b663 10737->10741 10742 1000641f _strcat_s 66 API calls 10737->10742 10738->10727 10740 1000b0c8 GetConsoleCP 10738->10740 10739->10737 10739->10741 10743 1000b636 10739->10743 10740->10739 10768 1000b0eb 10740->10768 10741->10709 10746 1000b686 10742->10746 10749 1000b641 10743->10749 10750 1000b655 10743->10750 10744->10737 10753 1000b488 WriteFile 10744->10753 10745 1000b3a8 WriteFile 10745->10736 10745->10759 10755 10006432 __write_nolock 66 API calls 10746->10755 10747 1000b54a WideCharToMultiByte 10747->10736 10752 1000b581 WriteFile 10747->10752 10748->10737 10748->10747 10751 1000641f _strcat_s 66 API calls 10749->10751 10793 10006445 10750->10793 10756 1000b646 10751->10756 10758 1000b5b8 GetLastError 10752->10758 10762 1000b5ac 10752->10762 10753->10736 10757 1000b41e 10753->10757 10755->10741 10760 10006432 __write_nolock 66 API calls 10756->10760 10757->10735 10757->10739 10757->10744 10758->10762 10759->10737 10759->10739 10759->10745 10760->10741 10762->10735 10762->10739 10762->10748 10762->10752 10763 1000d22e 11 API calls __putwch_nolock 10767 1000b1ef 10763->10767 10764 1000b197 WideCharToMultiByte 10764->10739 10766 1000b1c8 WriteFile 10764->10766 10765 1000d40a 78 API calls __fassign 10765->10768 10766->10736 10766->10767 10767->10736 10767->10739 10767->10763 10767->10768 10769 1000b21c WriteFile 10767->10769 10768->10739 10768->10764 10768->10765 10768->10767 10790 1000ba51 10768->10790 10769->10736 10769->10767 10771 10007c64 __getptd_noexit 66 API calls 10770->10771 10772 10006437 10771->10772 10772->10647 10811 1000d207 RtlLeaveCriticalSection 10773->10811 10775 1000b78e 10775->10656 10779 100065ae RtlLeaveCriticalSection 10776->10779 10778 1000d205 10778->10697 10779->10778 10798 1000d0f0 10780->10798 10782 1000ae01 10783 1000ae09 10782->10783 10784 1000ae1a SetFilePointer 10782->10784 10785 1000641f _strcat_s 66 API calls 10783->10785 10786 1000ae32 GetLastError 10784->10786 10787 1000ae0e 10784->10787 10785->10787 10786->10787 10788 1000ae3c 10786->10788 10787->10717 10789 10006445 __dosmaperr 66 API calls 10788->10789 10789->10787 10791 1000ba19 __isleadbyte_l 76 API calls 10790->10791 10792 1000ba60 10791->10792 10792->10768 10794 10006432 __write_nolock 66 API calls 10793->10794 10795 10006450 _realloc 10794->10795 10796 1000641f _strcat_s 66 API calls 10795->10796 10797 10006463 10796->10797 10797->10741 10799 1000d0fd 10798->10799 10802 1000d115 10798->10802 10800 10006432 __write_nolock 66 API calls 10799->10800 10801 1000d102 10800->10801 10804 1000641f _strcat_s 66 API calls 10801->10804 10803 10006432 __write_nolock 66 API calls 10802->10803 10805 1000d15a 10802->10805 10806 1000d143 10803->10806 10807 1000d10a 10804->10807 10805->10782 10808 1000641f _strcat_s 66 API calls 10806->10808 10807->10782 10809 1000d14a 10808->10809 10810 100063b7 _strcat_s 6 API calls 10809->10810 10810->10805 10811->10775 10815 1000d207 RtlLeaveCriticalSection 10812->10815 10814 1000af7f 10814->10679 10815->10814 10817 100028c3 10816->10817 10818 10002829 LookupPrivilegeValueA 10816->10818 10821 10003c98 __write_nolock 5 API calls 10817->10821 10819 10002892 AdjustTokenPrivileges 10818->10819 10820 100028b9 CloseHandle 10818->10820 10819->10820 10820->10817 10822 100028ce 6 API calls 10821->10822 10822->9675 10822->9676 10824 1000444f __setmbcp 10823->10824 10825 1000447a __flsbuf 10824->10825 10826 1000445d 10824->10826 10841 100082bb 10825->10841 10827 1000641f _strcat_s 66 API calls 10826->10827 10828 10004462 10827->10828 10829 100063b7 _strcat_s 6 API calls 10828->10829 10832 10004472 __setmbcp 10829->10832 10831 1000448c __flsbuf 10846 10008358 10831->10846 10832->9691 10834 1000449e __flsbuf 10835 100056e8 __output_l 102 API calls 10834->10835 10836 100044b6 __flsbuf 10835->10836 10855 100083f4 10836->10855 10840->9676 10842 100082c8 10841->10842 10843 100082de RtlEnterCriticalSection 10841->10843 10844 10006688 __lock 66 API calls 10842->10844 10843->10831 10845 100082d1 10844->10845 10845->10831 10847 1000b83d __fileno 66 API calls 10846->10847 10848 10008367 10847->10848 10849 1000b7d9 __write_nolock 66 API calls 10848->10849 10850 1000836d __flsbuf 10849->10850 10851 100083d4 10850->10851 10852 100083b4 10850->10852 10851->10834 10853 10008021 __malloc_crt 66 API calls 10852->10853 10854 100083ba 10853->10854 10854->10851 10856 100044c7 10855->10856 10857 100083ff 10855->10857 10859 100044df 10856->10859 10857->10856 10863 1000c23e 10857->10863 10860 100044e4 __flsbuf 10859->10860 10869 10008329 10860->10869 10862 100044ef 10862->10832 10864 1000c279 10863->10864 10865 1000c257 10863->10865 10864->10856 10865->10864 10866 1000b83d __fileno 66 API calls 10865->10866 10867 1000c272 10866->10867 10868 1000b6b4 __locking 100 API calls 10867->10868 10868->10864 10870 10008339 10869->10870 10871 1000834c RtlLeaveCriticalSection 10869->10871 10874 100065ae RtlLeaveCriticalSection 10870->10874 10871->10862 10873 10008349 10873->10862 10874->10873 10876 10004280 _memset 10875->10876 10877 10002639 socket 10876->10877 10878 1000265f htons htonl ioctlsocket 10877->10878 10882 10002659 moneypunct 10877->10882 10879 100026a1 connect 10878->10879 10880 1000279f 10878->10880 10886 100026b8 select 10879->10886 10895 100027e3 ReleaseSemaphore closesocket 10880->10895 10883 10003c98 __write_nolock 5 API calls 10882->10883 10885 100027d4 10883->10885 10886->10880 10887 10002704 10886->10887 10887->10880 10888 1000270c send 10887->10888 10888->10880 10890 10002724 select 10888->10890 10890->10880 10891 10002770 10890->10891 10891->10880 10892 10002774 recv 10891->10892 10892->10880 10893 1000278c inet_ntoa 10892->10893 10896 100024e0 10893->10896 10895->10882 10912 100010c0 socket inet_addr htons connect 10896->10912 10898 10002508 10919 10001180 10898->10919 10900 100025a5 closesocket 10901 10003c98 __write_nolock 5 API calls 10900->10901 10902 100025bc 10901->10902 10902->10880 10903 10002515 _memset 10903->10900 10925 100011d0 10903->10925 10905 10002550 10906 100025a1 10905->10906 10933 100012a0 10905->10933 10906->10900 10910 1000258c 10910->10906 10911 10004443 _printf 104 API calls 10910->10911 10911->10906 10913 10001122 10912->10913 10914 10001137 setsockopt setsockopt 10912->10914 10915 10003c98 __write_nolock 5 API calls 10913->10915 10916 10003c98 __write_nolock 5 API calls 10914->10916 10918 10001131 10915->10918 10917 10001174 10916->10917 10917->10898 10918->10898 10985 10001070 send Sleep 10919->10985 10921 10001195 10922 1000119e 10921->10922 10986 100010a0 recv 10921->10986 10922->10903 10924 100011b7 10924->10903 10987 10001070 send Sleep 10925->10987 10927 100011e5 10928 100011ee 10927->10928 10988 100010a0 recv 10927->10988 10928->10905 10930 10001207 10930->10928 10989 10002240 10930->10989 10932 1000124c 10932->10905 10934 100012aa __write_nolock 10933->10934 10935 10003ca7 _sprintf 102 API calls 10934->10935 10936 100012e7 10935->10936 10936->10936 11112 10001070 send Sleep 10936->11112 10938 1000137a 10939 10001383 10938->10939 11113 100010a0 recv 10938->11113 10941 10003c98 __write_nolock 5 API calls 10939->10941 10942 100013b9 10941->10942 10942->10906 10943 100015b0 10942->10943 10944 100015c3 10943->10944 10945 100015c9 10943->10945 10944->10910 11114 100013d0 10945->11114 10985->10921 10986->10924 10987->10927 10988->10930 10990 1000247e 10989->10990 10991 1000225e 10989->10991 10992 10003c98 __write_nolock 5 API calls 10990->10992 10991->10990 10994 10002272 10991->10994 10993 1000248d 10992->10993 10993->10932 11042 100019e0 10994->11042 10996 10002284 10997 100022a3 10996->10997 10998 1000228a 10996->10998 11050 10001c90 10997->11050 11000 10003c98 __write_nolock 5 API calls 10998->11000 11001 1000229d 11000->11001 11001->10932 11002 100022b9 11003 10002332 11002->11003 11004 10003e38 _malloc 66 API calls 11002->11004 11058 10001980 11003->11058 11006 10002325 11004->11006 11006->11003 11008 10002350 11006->11008 11043 10003e38 _malloc 66 API calls 11042->11043 11048 100019ee _memset 11043->11048 11044 10001a79 11044->10996 11045 10003e38 _malloc 66 API calls 11045->11048 11046 10001a83 11047 10001980 68 API calls 11046->11047 11049 10001a8d 11047->11049 11048->11044 11048->11045 11048->11046 11049->10996 11051 10001c9c 11050->11051 11052 10001d0e 11050->11052 11051->11052 11085 10001aa0 WSAStartup 11051->11085 11052->11002 11059 1000198c 11058->11059 11065 100019d3 11058->11065 11086 10001af7 11085->11086 11087 10001ac7 11085->11087 11089 10003c98 __write_nolock 5 API calls 11086->11089 11088 10001aec WSACleanup 11087->11088 11090 10001ad5 11087->11090 11088->11086 11091 10001b05 11089->11091 11092 10003c98 __write_nolock 5 API calls 11090->11092 11112->10938 11113->10939 11160 10001070 send Sleep 11114->11160 11116 10001402 11117 1000140b 11116->11117 11161 100010a0 recv 11116->11161 11160->11116 11173->9616 11174 402180 11175 402191 11174->11175 11209 40280c HeapCreate 11175->11209 11178 4021cf 11211 404e53 GetModuleHandleW 11178->11211 11182 4021e0 __RTC_Initialize 11245 4047a3 11182->11245 11183 40213d _fast_error_exit 62 API calls 11183->11182 11185 4021ef 11186 4021fb GetCommandLineA 11185->11186 11345 403cec 11185->11345 11260 40466c 11186->11260 11192 402215 11193 402220 11192->11193 11194 403cec __amsg_exit 62 API calls 11192->11194 11296 404339 11193->11296 11194->11193 11197 402231 11310 403dab 11197->11310 11198 403cec __amsg_exit 62 API calls 11198->11197 11200 402239 11201 402244 11200->11201 11202 403cec __amsg_exit 62 API calls 11200->11202 11316 401730 11201->11316 11202->11201 11205 402273 11355 403f88 11205->11355 11208 402278 __msize 11210 4021c3 11209->11210 11210->11178 11337 40213d 11210->11337 11212 404e67 11211->11212 11213 404e6e 11211->11213 11358 403cbc 11212->11358 11215 404fd6 11213->11215 11216 404e78 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 11213->11216 11417 404b6d 11215->11417 11218 404ec1 TlsAlloc 11216->11218 11221 4021d5 11218->11221 11222 404f0f TlsSetValue 11218->11222 11221->11182 11221->11183 11222->11221 11223 404f20 11222->11223 11362 403fa6 11223->11362 11228 404a43 __encode_pointer 6 API calls 11229 404f40 11228->11229 11230 404a43 __encode_pointer 6 API calls 11229->11230 11231 404f50 11230->11231 11232 404a43 __encode_pointer 6 API calls 11231->11232 11233 404f60 11232->11233 11379 40265d 11233->11379 11240 404abe __decode_pointer 6 API calls 11241 404fb4 11240->11241 11241->11215 11242 404fbb 11241->11242 11399 404baa 11242->11399 11244 404fc3 GetCurrentThreadId 11244->11221 11724 40341c 11245->11724 11247 4047af GetStartupInfoA 11248 405287 __calloc_crt 62 API calls 11247->11248 11254 4047d0 11248->11254 11249 4049ee __msize 11249->11185 11250 40496b GetStdHandle 11255 404935 11250->11255 11251 405287 __calloc_crt 62 API calls 11251->11254 11252 4049d0 SetHandleCount 11252->11249 11253 40497d GetFileType 11253->11255 11254->11249 11254->11251 11254->11255 11258 4048b8 11254->11258 11255->11249 11255->11250 11255->11252 11255->11253 11256 4051e2 __mtinitlocknum InitializeCriticalSectionAndSpinCount 11255->11256 11256->11255 11257 4048e1 GetFileType 11257->11258 11258->11249 11258->11255 11258->11257 11259 4051e2 __mtinitlocknum InitializeCriticalSectionAndSpinCount 11258->11259 11259->11258 11261 40468a GetEnvironmentStringsW 11260->11261 11267 4046a9 11260->11267 11262 404692 11261->11262 11263 40469e GetLastError 11261->11263 11265 4046c5 GetEnvironmentStringsW 11262->11265 11271 4046d4 11262->11271 11263->11267 11264 404742 11266 40474b GetEnvironmentStrings 11264->11266 11268 40220b 11264->11268 11265->11268 11265->11271 11266->11268 11269 40475b 11266->11269 11267->11262 11267->11264 11285 4045b1 11268->11285 11274 405242 __malloc_crt 62 API calls 11269->11274 11270 4046e9 WideCharToMultiByte 11272 404737 FreeEnvironmentStringsW 11270->11272 11273 404708 11270->11273 11271->11270 11271->11271 11272->11268 11275 405242 __malloc_crt 62 API calls 11273->11275 11276 404775 11274->11276 11277 40470e 11275->11277 11278 404788 11276->11278 11279 40477c FreeEnvironmentStringsA 11276->11279 11277->11272 11280 404716 WideCharToMultiByte 11277->11280 11283 404792 FreeEnvironmentStringsA 11278->11283 11279->11268 11281 404730 11280->11281 11282 404728 11280->11282 11281->11272 11284 401fa5 __setenvp 62 API calls 11282->11284 11283->11268 11284->11281 11286 4045c6 11285->11286 11287 4045cb GetModuleFileNameA 11285->11287 11725 40600a 11286->11725 11289 4045f2 11287->11289 11729 404417 11289->11729 11291 40464e 11291->11192 11293 405242 __malloc_crt 62 API calls 11294 404634 11293->11294 11294->11291 11295 404417 _parse_cmdline 72 API calls 11294->11295 11295->11291 11297 404342 11296->11297 11300 404347 _strlen 11296->11300 11298 40600a ___initmbctable 106 API calls 11297->11298 11298->11300 11299 405287 __calloc_crt 62 API calls 11308 40437c _strlen 11299->11308 11300->11299 11303 402226 11300->11303 11301 4043da 11302 401fa5 __setenvp 62 API calls 11301->11302 11302->11303 11303->11197 11303->11198 11304 405287 __calloc_crt 62 API calls 11304->11308 11305 404400 11306 401fa5 __setenvp 62 API calls 11305->11306 11306->11303 11307 4064e5 _strcpy_s 62 API calls 11307->11308 11308->11301 11308->11303 11308->11304 11308->11305 11308->11307 11309 405085 __invoke_watson 10 API calls 11308->11309 11309->11308 11312 403db9 __IsNonwritableInCurrentImage 11310->11312 12142 4067c5 11312->12142 11313 403dd7 __initterm_e 11315 403df6 __IsNonwritableInCurrentImage __initterm 11313->11315 12146 403c09 11313->12146 11315->11200 11317 401981 11316->11317 11318 40175a lstrcmpiA 11316->11318 11321 402033 ___ansicp 5 API calls 11317->11321 11319 401770 11318->11319 11320 401777 lstrcmpiA 11318->11320 12246 4020d8 11319->12246 11320->11319 11322 40178d lstrcmpiA 11320->11322 11323 401996 11321->11323 11322->11317 11322->11319 11323->11205 11352 403f5c 11323->11352 11325 4017af 12258 4016a0 11325->12258 11327 401978 12295 402042 11327->12295 11329 4017f4 11329->11327 11330 4018a3 lstrlen 11329->11330 11331 40190d 11330->11331 12262 401450 11331->12262 11333 40191f 11333->11327 12281 401310 11333->12281 11335 401961 12286 4013c0 11335->12286 11338 402150 11337->11338 11339 40214b 11337->11339 11341 403ff4 __NMSG_WRITE 62 API calls 11338->11341 11340 40419f __FF_MSGBANNER 62 API calls 11339->11340 11340->11338 11342 402158 11341->11342 11343 403d40 _doexit 3 API calls 11342->11343 11344 402162 11343->11344 11344->11178 11346 40419f __FF_MSGBANNER 62 API calls 11345->11346 11347 403cf6 11346->11347 11348 403ff4 __NMSG_WRITE 62 API calls 11347->11348 11349 403cfe 11348->11349 11350 404abe __decode_pointer 6 API calls 11349->11350 11351 4021fa 11350->11351 11351->11186 12687 403e30 11352->12687 11354 403f6d 11354->11205 11356 403e30 _doexit 62 API calls 11355->11356 11357 403f93 11356->11357 11357->11208 11359 403cc7 Sleep GetModuleHandleW 11358->11359 11360 403ce5 11359->11360 11361 403ce9 11359->11361 11360->11359 11360->11361 11361->11213 11423 404ab5 11362->11423 11364 403fae __init_pointers __initp_misc_winsig 11426 4067b4 11364->11426 11367 404a43 __encode_pointer 6 API calls 11368 403fea 11367->11368 11369 404a43 TlsGetValue 11368->11369 11370 404a5b 11369->11370 11371 404a7c GetModuleHandleW 11369->11371 11370->11371 11372 404a65 TlsGetValue 11370->11372 11373 404a97 GetProcAddress 11371->11373 11374 404a8c 11371->11374 11376 404a70 11372->11376 11378 404a74 11373->11378 11375 403cbc __crt_waiting_on_module_handle 2 API calls 11374->11375 11377 404a92 11375->11377 11376->11371 11376->11378 11377->11373 11377->11378 11378->11228 11380 402668 11379->11380 11382 402696 11380->11382 11429 4051e2 11380->11429 11382->11215 11383 404abe TlsGetValue 11382->11383 11384 404ad6 11383->11384 11385 404af7 GetModuleHandleW 11383->11385 11384->11385 11388 404ae0 TlsGetValue 11384->11388 11386 404b12 GetProcAddress 11385->11386 11387 404b07 11385->11387 11390 404aef 11386->11390 11389 403cbc __crt_waiting_on_module_handle 2 API calls 11387->11389 11391 404aeb 11388->11391 11392 404b0d 11389->11392 11390->11215 11393 405287 11390->11393 11391->11385 11391->11390 11392->11386 11392->11390 11395 405290 11393->11395 11396 404f9a 11395->11396 11397 4052ae Sleep 11395->11397 11434 406d5e 11395->11434 11396->11215 11396->11240 11398 4052c3 11397->11398 11398->11395 11398->11396 11703 40341c 11399->11703 11401 404bb6 GetModuleHandleW 11402 404bc6 11401->11402 11403 404bcc 11401->11403 11406 403cbc __crt_waiting_on_module_handle 2 API calls 11402->11406 11404 404be4 GetProcAddress GetProcAddress 11403->11404 11405 404c08 11403->11405 11404->11405 11407 4027d9 __lock 58 API calls 11405->11407 11406->11403 11408 404c27 InterlockedIncrement 11407->11408 11704 404c7f 11408->11704 11411 4027d9 __lock 58 API calls 11412 404c48 11411->11412 11707 406171 InterlockedIncrement 11412->11707 11414 404c66 11719 404c88 11414->11719 11416 404c73 __msize 11416->11244 11418 404b77 11417->11418 11419 404b83 11417->11419 11420 404abe __decode_pointer 6 API calls 11418->11420 11421 404ba5 11419->11421 11422 404b97 TlsFree 11419->11422 11420->11419 11421->11421 11422->11421 11424 404a43 __encode_pointer 6 API calls 11423->11424 11425 404abc 11424->11425 11425->11364 11427 404a43 __encode_pointer 6 API calls 11426->11427 11428 403fe0 11427->11428 11428->11367 11433 40341c 11429->11433 11431 4051ee InitializeCriticalSectionAndSpinCount 11432 405232 __msize 11431->11432 11432->11380 11433->11431 11435 406d6a __msize 11434->11435 11436 406d82 11435->11436 11446 406da1 _memset 11435->11446 11447 402613 11436->11447 11440 406e13 RtlAllocateHeap 11440->11446 11441 406d97 __msize 11441->11395 11446->11440 11446->11441 11453 4027d9 11446->11453 11460 40301b 11446->11460 11466 406e5a 11446->11466 11469 402635 11446->11469 11472 404c91 GetLastError 11447->11472 11449 402618 11450 4051ad 11449->11450 11451 404abe __decode_pointer 6 API calls 11450->11451 11452 4051bd __invoke_watson 11451->11452 11454 402801 RtlEnterCriticalSection 11453->11454 11455 4027ee 11453->11455 11454->11446 11498 402716 11455->11498 11457 4027f4 11457->11454 11458 403cec __amsg_exit 61 API calls 11457->11458 11459 402800 11458->11459 11459->11454 11461 403049 11460->11461 11463 4030eb 11461->11463 11465 4030e2 11461->11465 11691 402b82 11461->11691 11463->11446 11465->11463 11698 402c32 11465->11698 11702 4026ff RtlLeaveCriticalSection 11466->11702 11468 406e61 11468->11446 11470 404abe __decode_pointer 6 API calls 11469->11470 11471 402645 11470->11471 11471->11446 11487 404b39 TlsGetValue 11472->11487 11475 404cfe SetLastError 11475->11449 11476 405287 __calloc_crt 59 API calls 11477 404cbc 11476->11477 11477->11475 11478 404cc4 11477->11478 11479 404abe __decode_pointer 6 API calls 11478->11479 11480 404cd6 11479->11480 11481 404cf5 11480->11481 11482 404cdd 11480->11482 11492 401fa5 11481->11492 11483 404baa __initptd 59 API calls 11482->11483 11485 404ce5 GetCurrentThreadId 11483->11485 11485->11475 11486 404cfb 11486->11475 11488 404b69 11487->11488 11489 404b4e 11487->11489 11488->11475 11488->11476 11490 404abe __decode_pointer 6 API calls 11489->11490 11491 404b59 TlsSetValue 11490->11491 11491->11488 11493 401fb1 __msize 11492->11493 11494 40202d __msize 11493->11494 11495 402004 HeapFree 11493->11495 11494->11486 11495->11494 11496 402017 11495->11496 11497 402613 __msize 61 API calls 11496->11497 11497->11494 11499 402722 __msize 11498->11499 11500 402748 11499->11500 11524 40419f 11499->11524 11508 402758 __msize 11500->11508 11570 405242 11500->11570 11506 402779 11511 4027d9 __lock 62 API calls 11506->11511 11507 40276a 11510 402613 __msize 62 API calls 11507->11510 11508->11457 11510->11508 11513 402780 11511->11513 11514 4027b4 11513->11514 11515 402788 11513->11515 11516 401fa5 __setenvp 62 API calls 11514->11516 11517 4051e2 __mtinitlocknum InitializeCriticalSectionAndSpinCount 11515->11517 11518 4027a5 11516->11518 11519 402793 11517->11519 11576 4027d0 11518->11576 11519->11518 11520 401fa5 __setenvp 62 API calls 11519->11520 11522 40279f 11520->11522 11523 402613 __msize 62 API calls 11522->11523 11523->11518 11579 406ca8 11524->11579 11527 4041b3 11529 403ff4 __NMSG_WRITE 62 API calls 11527->11529 11532 402737 11527->11532 11528 406ca8 __set_error_mode 62 API calls 11528->11527 11530 4041cb 11529->11530 11531 403ff4 __NMSG_WRITE 62 API calls 11530->11531 11531->11532 11533 403ff4 11532->11533 11534 404008 11533->11534 11535 40273e 11534->11535 11536 406ca8 __set_error_mode 59 API calls 11534->11536 11567 403d40 11535->11567 11537 40402a 11536->11537 11538 404168 GetStdHandle 11537->11538 11540 406ca8 __set_error_mode 59 API calls 11537->11540 11538->11535 11539 404176 _strlen 11538->11539 11539->11535 11543 40418f WriteFile 11539->11543 11541 40403b 11540->11541 11541->11538 11542 40404d 11541->11542 11542->11535 11585 4064e5 11542->11585 11543->11535 11546 404083 GetModuleFileNameA 11548 4040a1 11546->11548 11552 4040c4 _strlen 11546->11552 11550 4064e5 _strcpy_s 59 API calls 11548->11550 11551 4040b1 11550->11551 11551->11552 11554 405085 __invoke_watson 10 API calls 11551->11554 11553 404107 11552->11553 11601 406bf3 11552->11601 11610 406b7f 11553->11610 11554->11552 11559 40412b 11560 406b7f _strcat_s 59 API calls 11559->11560 11562 40413f 11560->11562 11561 405085 __invoke_watson 10 API calls 11561->11559 11564 404150 11562->11564 11565 405085 __invoke_watson 10 API calls 11562->11565 11563 405085 __invoke_watson 10 API calls 11563->11553 11619 406a16 11564->11619 11565->11564 11657 403d15 GetModuleHandleW 11567->11657 11572 40524b 11570->11572 11573 402763 11572->11573 11574 405262 Sleep 11572->11574 11660 40334f 11572->11660 11573->11506 11573->11507 11575 405277 11574->11575 11575->11572 11575->11573 11690 4026ff RtlLeaveCriticalSection 11576->11690 11578 4027d7 11578->11508 11580 406cb7 11579->11580 11581 4041a6 11580->11581 11582 402613 __msize 62 API calls 11580->11582 11581->11527 11581->11528 11583 406cda 11582->11583 11584 4051ad __msize 6 API calls 11583->11584 11584->11581 11586 4064f6 11585->11586 11589 4064fd 11585->11589 11586->11589 11592 406523 11586->11592 11587 402613 __msize 62 API calls 11588 406502 11587->11588 11590 4051ad __msize 6 API calls 11588->11590 11589->11587 11591 40406f 11590->11591 11591->11546 11594 405085 11591->11594 11592->11591 11593 402613 __msize 62 API calls 11592->11593 11593->11588 11646 401d10 11594->11646 11596 4050b2 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 11597 405182 __invoke_watson 11596->11597 11598 40518e GetCurrentProcess TerminateProcess 11596->11598 11597->11598 11648 402033 11598->11648 11600 404080 11600->11546 11605 406c05 11601->11605 11602 406c09 11603 4040f4 11602->11603 11604 402613 __msize 62 API calls 11602->11604 11603->11553 11603->11563 11606 406c25 11604->11606 11605->11602 11605->11603 11608 406c4f 11605->11608 11607 4051ad __msize 6 API calls 11606->11607 11607->11603 11608->11603 11609 402613 __msize 62 API calls 11608->11609 11609->11606 11611 406b97 11610->11611 11613 406b90 11610->11613 11612 402613 __msize 62 API calls 11611->11612 11618 406b9c 11612->11618 11613->11611 11616 406bcb 11613->11616 11614 4051ad __msize 6 API calls 11615 40411a 11614->11615 11615->11559 11615->11561 11616->11615 11617 402613 __msize 62 API calls 11616->11617 11617->11618 11618->11614 11620 404ab5 _raise 6 API calls 11619->11620 11621 406a26 11620->11621 11622 406a39 LoadLibraryA 11621->11622 11625 406ac1 11621->11625 11623 406b63 11622->11623 11624 406a4e GetProcAddress 11622->11624 11623->11535 11624->11623 11626 406a64 11624->11626 11629 404abe __decode_pointer 6 API calls 11625->11629 11645 406aeb 11625->11645 11628 404abe __decode_pointer 6 API calls 11631 406ade 11629->11631 11642 406b16 11645->11628 11645->11642 11647 401d1c __VEC_memzero 11646->11647 11647->11596 11649 40203b 11648->11649 11650 40203d IsDebuggerPresent 11648->11650 11649->11600 11656 40593d 11650->11656 11653 4036d9 SetUnhandledExceptionFilter UnhandledExceptionFilter 11654 4036f6 __invoke_watson 11653->11654 11655 4036fe GetCurrentProcess TerminateProcess 11653->11655 11654->11655 11655->11600 11656->11653 11658 403d29 GetProcAddress 11657->11658 11659 403d39 ExitProcess 11657->11659 11658->11659 11661 403402 11660->11661 11671 403361 11660->11671 11662 402635 __calloc_impl 6 API calls 11661->11662 11663 403408 11662->11663 11665 402613 __msize 61 API calls 11663->11665 11664 40419f __FF_MSGBANNER 61 API calls 11669 403372 11664->11669 11677 4033fa 11665->11677 11667 403ff4 __NMSG_WRITE 61 API calls 11667->11669 11668 4033be RtlAllocateHeap 11668->11671 11669->11664 11669->11667 11670 403d40 _doexit 3 API calls 11669->11670 11669->11671 11670->11669 11671->11668 11671->11669 11672 4033ee 11671->11672 11674 402635 __calloc_impl 6 API calls 11671->11674 11675 4033f3 11671->11675 11671->11677 11678 403300 11671->11678 11673 402613 __msize 61 API calls 11672->11673 11673->11675 11674->11671 11676 402613 __msize 61 API calls 11675->11676 11676->11677 11677->11572 11679 40330c __msize 11678->11679 11680 40333d __msize 11679->11680 11681 4027d9 __lock 62 API calls 11679->11681 11680->11671 11682 403322 11681->11682 11683 40301b ___sbh_alloc_block 5 API calls 11682->11683 11684 40332d 11683->11684 11686 403346 11684->11686 11689 4026ff RtlLeaveCriticalSection 11686->11689 11688 40334d 11688->11680 11689->11688 11690->11578 11692 402b95 RtlReAllocateHeap 11691->11692 11693 402bc9 RtlAllocateHeap 11691->11693 11694 402bb3 11692->11694 11695 402bb7 11692->11695 11693->11694 11696 402bec VirtualAlloc 11693->11696 11694->11465 11695->11693 11696->11694 11697 402c06 HeapFree 11696->11697 11697->11694 11699 402c49 VirtualAlloc 11698->11699 11701 402c90 11699->11701 11701->11463 11702->11468 11703->11401 11722 4026ff RtlLeaveCriticalSection 11704->11722 11706 404c41 11706->11411 11708 406192 11707->11708 11709 40618f InterlockedIncrement 11707->11709 11710 40619c InterlockedIncrement 11708->11710 11711 40619f 11708->11711 11709->11708 11710->11711 11712 4061a9 InterlockedIncrement 11711->11712 11713 4061ac 11711->11713 11712->11713 11714 4061b6 InterlockedIncrement 11713->11714 11715 4061b9 11713->11715 11714->11715 11716 4061d2 InterlockedIncrement 11715->11716 11717 4061e2 InterlockedIncrement 11715->11717 11718 4061ed InterlockedIncrement 11715->11718 11716->11715 11717->11715 11718->11414 11723 4026ff RtlLeaveCriticalSection 11719->11723 11721 404c8f 11721->11416 11722->11706 11723->11721 11724->11247 11726 406013 11725->11726 11728 40601a 11725->11728 11735 405e70 11726->11735 11728->11287 11731 404436 11729->11731 11733 4044a3 11731->11733 12136 406d46 11731->12136 11732 4045a1 11732->11291 11732->11293 11733->11732 11734 406d46 72 API calls _parse_cmdline 11733->11734 11734->11733 11736 405e7c __msize 11735->11736 11766 404d0a 11736->11766 11740 405e8f 11787 405c0f 11740->11787 11743 405242 __malloc_crt 62 API calls 11745 405eb0 11743->11745 11744 405fcf __msize 11744->11728 11745->11744 11794 405c8b 11745->11794 11748 405ee0 InterlockedDecrement 11750 405ef0 11748->11750 11751 405f01 InterlockedIncrement 11748->11751 11749 405fdc 11749->11744 11752 405fef 11749->11752 11754 401fa5 __setenvp 62 API calls 11749->11754 11750->11751 11756 401fa5 __setenvp 62 API calls 11750->11756 11751->11744 11753 405f17 11751->11753 11755 402613 __msize 62 API calls 11752->11755 11753->11744 11758 4027d9 __lock 62 API calls 11753->11758 11754->11752 11755->11744 11757 405f00 11756->11757 11757->11751 11760 405f2b InterlockedDecrement 11758->11760 11761 405fa7 11760->11761 11762 405fba InterlockedIncrement 11760->11762 11761->11762 11764 401fa5 __setenvp 62 API calls 11761->11764 11804 405fd1 11762->11804 11765 405fb9 11764->11765 11765->11762 11767 404c91 __getptd_noexit 62 API calls 11766->11767 11768 404d12 11767->11768 11769 404d1f 11768->11769 11770 403cec __amsg_exit 62 API calls 11768->11770 11771 405b6b 11769->11771 11770->11769 11772 405b77 __msize 11771->11772 11773 404d0a __getptd 62 API calls 11772->11773 11774 405b7c 11773->11774 11775 4027d9 __lock 62 API calls 11774->11775 11783 405b8e 11774->11783 11777 405bac 11775->11777 11776 405bf5 11807 405c06 11776->11807 11777->11776 11781 405bc3 InterlockedDecrement 11777->11781 11782 405bdd InterlockedIncrement 11777->11782 11778 403cec __amsg_exit 62 API calls 11780 405b9c __msize 11778->11780 11780->11740 11781->11782 11784 405bce 11781->11784 11782->11776 11783->11778 11783->11780 11784->11782 11785 401fa5 __setenvp 62 API calls 11784->11785 11786 405bdc 11785->11786 11786->11782 11811 403712 11787->11811 11790 405c4c 11792 405c3e 11790->11792 11793 405c51 GetACP 11790->11793 11791 405c2e GetOEMCP 11791->11792 11792->11743 11792->11744 11793->11792 11795 405c0f getSystemCP 74 API calls 11794->11795 11796 405cab 11795->11796 11797 405cb6 setSBCS 11796->11797 11799 405cfa IsValidCodePage 11796->11799 11802 405d1f _memset __setmbcp_nolock 11796->11802 11798 402033 ___ansicp 5 API calls 11797->11798 11800 405e6e 11798->11800 11799->11797 11801 405d0c GetCPInfo 11799->11801 11800->11748 11800->11749 11801->11797 11801->11802 12002 4059d8 GetCPInfo 11802->12002 12135 4026ff RtlLeaveCriticalSection 11804->12135 11806 405fd8 11806->11744 11810 4026ff RtlLeaveCriticalSection 11807->11810 11809 405c0d 11809->11783 11810->11809 11812 403725 11811->11812 11815 403772 11811->11815 11813 404d0a __getptd 62 API calls 11812->11813 11814 40372a 11813->11814 11816 403752 11814->11816 11819 4062d7 11814->11819 11815->11790 11815->11791 11816->11815 11818 405b6b _LocaleUpdate::_LocaleUpdate 64 API calls 11816->11818 11818->11815 11820 4062e3 __msize 11819->11820 11821 404d0a __getptd 62 API calls 11820->11821 11822 4062e8 11821->11822 11823 406316 11822->11823 11825 4062fa 11822->11825 11824 4027d9 __lock 62 API calls 11823->11824 11826 40631d 11824->11826 11827 404d0a __getptd 62 API calls 11825->11827 11834 406299 11826->11834 11831 4062ff 11827->11831 11832 40630d __msize 11831->11832 11833 403cec __amsg_exit 62 API calls 11831->11833 11832->11816 11833->11832 11835 40629d 11834->11835 11841 4062cf 11834->11841 11836 406171 ___addlocaleref 8 API calls 11835->11836 11835->11841 11837 4062b0 11836->11837 11837->11841 11845 406200 11837->11845 11842 406341 11841->11842 12001 4026ff RtlLeaveCriticalSection 11842->12001 11844 406348 11844->11831 11846 406211 InterlockedDecrement 11845->11846 11847 406294 11845->11847 11848 406226 InterlockedDecrement 11846->11848 11849 406229 11846->11849 11847->11841 11859 406028 11847->11859 11848->11849 11850 406233 InterlockedDecrement 11849->11850 11851 406236 11849->11851 11850->11851 11852 406240 InterlockedDecrement 11851->11852 11853 406243 11851->11853 11852->11853 11854 40624d InterlockedDecrement 11853->11854 11856 406250 11853->11856 11854->11856 11855 406269 InterlockedDecrement 11855->11856 11856->11855 11857 406279 InterlockedDecrement 11856->11857 11858 406284 InterlockedDecrement 11856->11858 11857->11856 11858->11847 11860 4060ac 11859->11860 11861 40603f 11859->11861 11862 4060f9 11860->11862 11863 401fa5 __setenvp 62 API calls 11860->11863 11861->11860 11868 406073 11861->11868 11872 401fa5 __setenvp 62 API calls 11861->11872 11879 406120 11862->11879 11913 4075b9 11862->11913 11865 4060cd 11863->11865 11867 401fa5 __setenvp 62 API calls 11865->11867 11869 4060e0 11867->11869 11874 401fa5 __setenvp 62 API calls 11868->11874 11888 406094 11868->11888 11875 401fa5 __setenvp 62 API calls 11869->11875 11870 401fa5 __setenvp 62 API calls 11876 4060a1 11870->11876 11871 406165 11877 401fa5 __setenvp 62 API calls 11871->11877 11878 406068 11872->11878 11873 401fa5 __setenvp 62 API calls 11873->11879 11880 406089 11874->11880 11881 4060ee 11875->11881 11883 401fa5 __setenvp 62 API calls 11876->11883 11884 40616b 11877->11884 11889 407793 11878->11889 11879->11871 11882 401fa5 62 API calls __setenvp 11879->11882 11905 40774e 11880->11905 11887 401fa5 __setenvp 62 API calls 11881->11887 11882->11879 11883->11860 11884->11841 11887->11862 11888->11870 11891 4077a0 11889->11891 11904 40781d 11889->11904 11890 4077b1 11892 4077c3 11890->11892 11894 401fa5 __setenvp 62 API calls 11890->11894 11891->11890 11893 401fa5 __setenvp 62 API calls 11891->11893 11895 4077d5 11892->11895 11896 401fa5 __setenvp 62 API calls 11892->11896 11893->11890 11894->11892 11897 4077e7 11895->11897 11898 401fa5 __setenvp 62 API calls 11895->11898 11896->11895 11899 4077f9 11897->11899 11901 401fa5 __setenvp 62 API calls 11897->11901 11898->11897 11900 40780b 11899->11900 11902 401fa5 __setenvp 62 API calls 11899->11902 11903 401fa5 __setenvp 62 API calls 11900->11903 11900->11904 11901->11899 11902->11900 11903->11904 11904->11868 11906 40775b 11905->11906 11912 40778f 11905->11912 11907 40776b 11906->11907 11908 401fa5 __setenvp 62 API calls 11906->11908 11909 40777d 11907->11909 11910 401fa5 __setenvp 62 API calls 11907->11910 11908->11907 11911 401fa5 __setenvp 62 API calls 11909->11911 11909->11912 11910->11909 11911->11912 11912->11888 11914 4075ca 11913->11914 12000 406119 11913->12000 11915 401fa5 __setenvp 62 API calls 11914->11915 11916 4075d2 11915->11916 11917 401fa5 __setenvp 62 API calls 11916->11917 11918 4075da 11917->11918 11919 401fa5 __setenvp 62 API calls 11918->11919 11920 4075e2 11919->11920 11921 401fa5 __setenvp 62 API calls 11920->11921 11922 4075ea 11921->11922 11923 401fa5 __setenvp 62 API calls 11922->11923 11924 4075f2 11923->11924 11925 401fa5 __setenvp 62 API calls 11924->11925 11926 4075fa 11925->11926 11927 401fa5 __setenvp 62 API calls 11926->11927 11928 407601 11927->11928 11929 401fa5 __setenvp 62 API calls 11928->11929 11930 407609 11929->11930 11931 401fa5 __setenvp 62 API calls 11930->11931 11932 407611 11931->11932 12000->11873 12001->11844 12003 405abe 12002->12003 12006 405a0c _memset 12002->12006 12008 402033 ___ansicp 5 API calls 12003->12008 12012 407577 12006->12012 12010 405b69 12008->12010 12010->11802 12011 407378 ___crtLCMapStringA 97 API calls 12011->12003 12013 403712 _LocaleUpdate::_LocaleUpdate 72 API calls 12012->12013 12014 40758a 12013->12014 12022 4073bd 12014->12022 12017 407378 12018 403712 _LocaleUpdate::_LocaleUpdate 72 API calls 12017->12018 12019 40738b 12018->12019 12088 406fd3 12019->12088 12023 4073de GetStringTypeW 12022->12023 12027 407409 12022->12027 12024 4073fe GetLastError 12023->12024 12026 4073f6 12023->12026 12024->12027 12025 4074f0 12050 407a18 GetLocaleInfoA 12025->12050 12028 407442 MultiByteToWideChar 12026->12028 12045 4074ea 12026->12045 12027->12025 12027->12026 12033 40746f 12028->12033 12028->12045 12030 402033 ___ansicp 5 API calls 12032 405a79 12030->12032 12032->12017 12038 407484 _memset __alloca_probe_16 12033->12038 12039 40334f _malloc 62 API calls 12033->12039 12034 407541 GetStringTypeA 12037 40755c 12034->12037 12034->12045 12036 4074bd MultiByteToWideChar 12041 4074d3 GetStringTypeW 12036->12041 12042 4074e4 12036->12042 12043 401fa5 __setenvp 62 API calls 12037->12043 12038->12036 12038->12045 12039->12038 12041->12042 12046 406fb3 12042->12046 12043->12045 12045->12030 12047 406fd0 12046->12047 12048 406fbf 12046->12048 12047->12045 12048->12047 12049 401fa5 __setenvp 62 API calls 12048->12049 12049->12047 12051 407a46 12050->12051 12052 407a4b 12050->12052 12054 402033 ___ansicp 5 API calls 12051->12054 12081 40204d 12052->12081 12055 407514 12054->12055 12055->12034 12055->12045 12056 407a61 12055->12056 12057 407b2b 12056->12057 12058 407aa1 GetCPInfo 12056->12058 12061 402033 ___ansicp 5 API calls 12057->12061 12059 407b16 MultiByteToWideChar 12058->12059 12060 407ab8 12058->12060 12059->12057 12065 407ad1 _strlen 12059->12065 12060->12059 12062 407abe GetCPInfo 12060->12062 12063 407535 12061->12063 12062->12059 12064 407acb 12062->12064 12063->12034 12063->12045 12064->12059 12064->12065 12066 40334f _malloc 62 API calls 12065->12066 12069 407b03 _memset __alloca_probe_16 12065->12069 12066->12069 12067 407b60 MultiByteToWideChar 12068 407b78 12067->12068 12078 407b97 12067->12078 12071 407b9c 12068->12071 12072 407b7f WideCharToMultiByte 12068->12072 12069->12057 12069->12067 12070 406fb3 __freea 62 API calls 12070->12057 12073 407ba7 WideCharToMultiByte 12071->12073 12074 407bbb 12071->12074 12072->12078 12073->12074 12073->12078 12075 405287 __calloc_crt 62 API calls 12074->12075 12076 407bc3 12075->12076 12077 407bcc WideCharToMultiByte 12076->12077 12076->12078 12077->12078 12079 407bde 12077->12079 12078->12070 12080 401fa5 __setenvp 62 API calls 12079->12080 12080->12078 12084 4039c8 12081->12084 12085 4039e1 12084->12085 12086 403799 strtoxl 86 API calls 12085->12086 12087 40205e 12086->12087 12087->12051 12089 406ff4 LCMapStringW 12088->12089 12090 40700f 12088->12090 12089->12090 12091 407017 GetLastError 12089->12091 12092 407069 12090->12092 12093 40720d 12090->12093 12091->12090 12095 407082 MultiByteToWideChar 12092->12095 12118 407204 12092->12118 12094 407a18 ___ansicp 86 API calls 12093->12094 12096 407235 12094->12096 12101 4070af 12095->12101 12095->12118 12099 407329 LCMapStringA 12096->12099 12100 40724e 12096->12100 12096->12118 12097 402033 ___ansicp 5 API calls 12098 405a99 12097->12098 12098->12011 12102 407285 12099->12102 12103 407a61 ___convertcp 69 API calls 12100->12103 12106 40334f _malloc 62 API calls 12101->12106 12115 4070c8 __alloca_probe_16 12101->12115 12105 407350 12102->12105 12110 401fa5 __setenvp 62 API calls 12102->12110 12107 407260 12103->12107 12104 407100 MultiByteToWideChar 12108 407119 LCMapStringW 12104->12108 12109 4071fb 12104->12109 12116 401fa5 __setenvp 62 API calls 12105->12116 12105->12118 12106->12115 12111 40726a LCMapStringA 12107->12111 12107->12118 12108->12109 12113 40713a 12108->12113 12112 406fb3 __freea 62 API calls 12109->12112 12110->12105 12111->12102 12121 40728c 12111->12121 12112->12118 12114 407143 12113->12114 12120 40716c 12113->12120 12114->12109 12117 407155 LCMapStringW 12114->12117 12115->12104 12115->12118 12116->12118 12117->12109 12118->12097 12119 4071bb LCMapStringW 12122 4071d3 WideCharToMultiByte 12119->12122 12123 4071f5 12119->12123 12125 407187 __alloca_probe_16 12120->12125 12127 40334f _malloc 62 API calls 12120->12127 12124 40334f _malloc 62 API calls 12121->12124 12126 40729d _memset __alloca_probe_16 12121->12126 12122->12123 12128 406fb3 __freea 62 API calls 12123->12128 12124->12126 12125->12109 12125->12119 12126->12102 12129 4072db LCMapStringA 12126->12129 12127->12125 12128->12109 12131 4072f7 12129->12131 12132 4072fb 12129->12132 12134 406fb3 __freea 62 API calls 12131->12134 12133 407a61 ___convertcp 69 API calls 12132->12133 12133->12131 12134->12102 12135->11806 12139 406cf3 12136->12139 12140 403712 _LocaleUpdate::_LocaleUpdate 72 API calls 12139->12140 12141 406d06 12140->12141 12141->11731 12143 4067cb 12142->12143 12144 404a43 __encode_pointer 6 API calls 12143->12144 12145 4067e3 12143->12145 12144->12143 12145->11313 12149 403bcd 12146->12149 12148 403c16 12148->11315 12150 403bd9 __msize 12149->12150 12157 403d58 12150->12157 12156 403bfa __msize 12156->12148 12158 4027d9 __lock 62 API calls 12157->12158 12159 403bde 12158->12159 12160 403ae2 12159->12160 12161 404abe __decode_pointer 6 API calls 12160->12161 12162 403af6 12161->12162 12163 404abe __decode_pointer 6 API calls 12162->12163 12164 403b06 12163->12164 12165 403b89 12164->12165 12180 4066d8 12164->12180 12177 403c03 12165->12177 12167 403b70 12168 404a43 __encode_pointer 6 API calls 12167->12168 12169 403b7e 12168->12169 12172 404a43 __encode_pointer 6 API calls 12169->12172 12170 403b48 12170->12165 12174 4052d3 __realloc_crt 71 API calls 12170->12174 12175 403b5e 12170->12175 12171 403b24 12171->12167 12171->12170 12193 4052d3 12171->12193 12172->12165 12174->12175 12175->12165 12176 404a43 __encode_pointer 6 API calls 12175->12176 12176->12167 12242 403d61 12177->12242 12181 4066e4 __msize 12180->12181 12182 406711 12181->12182 12183 4066f4 12181->12183 12184 406752 RtlSizeHeap 12182->12184 12186 4027d9 __lock 62 API calls 12182->12186 12185 402613 __msize 62 API calls 12183->12185 12188 406709 __msize 12184->12188 12187 4066f9 12185->12187 12190 406721 ___sbh_find_block 12186->12190 12189 4051ad __msize 6 API calls 12187->12189 12188->12171 12189->12188 12198 406772 12190->12198 12197 4052dc 12193->12197 12195 40531b 12195->12170 12196 4052fc Sleep 12196->12197 12197->12195 12197->12196 12202 401d8a 12197->12202 12201 4026ff RtlLeaveCriticalSection 12198->12201 12200 40674d 12200->12184 12200->12188 12201->12200 12203 401d96 __msize 12202->12203 12204 401dab 12203->12204 12205 401d9d 12203->12205 12207 401db2 12204->12207 12208 401dbe 12204->12208 12206 40334f _malloc 62 API calls 12205->12206 12224 401da5 _realloc __msize 12206->12224 12209 401fa5 __setenvp 62 API calls 12207->12209 12215 401f30 12208->12215 12237 401dcb ___sbh_resize_block ___sbh_find_block 12208->12237 12209->12224 12210 401f63 12212 402635 __calloc_impl 6 API calls 12210->12212 12211 401f35 RtlReAllocateHeap 12211->12215 12211->12224 12214 401f69 12212->12214 12213 4027d9 __lock 62 API calls 12213->12237 12217 402613 __msize 62 API calls 12214->12217 12215->12210 12215->12211 12216 401f87 12215->12216 12218 402635 __calloc_impl 6 API calls 12215->12218 12220 401f7d 12215->12220 12219 402613 __msize 62 API calls 12216->12219 12216->12224 12217->12224 12218->12215 12221 401f90 GetLastError 12219->12221 12223 402613 __msize 62 API calls 12220->12223 12221->12224 12226 401efe 12223->12226 12224->12197 12225 401e56 RtlAllocateHeap 12225->12237 12226->12224 12227 401f03 GetLastError 12226->12227 12227->12224 12228 401eab RtlReAllocateHeap 12228->12237 12229 40301b ___sbh_alloc_block 5 API calls 12229->12237 12230 401f16 12230->12224 12233 402613 __msize 62 API calls 12230->12233 12231 402635 __calloc_impl 6 API calls 12231->12237 12232 40286c VirtualFree VirtualFree HeapFree ___sbh_free_block 12232->12237 12235 401f23 12233->12235 12234 401ef9 12236 402613 __msize 62 API calls 12234->12236 12235->12221 12235->12224 12236->12226 12237->12210 12237->12213 12237->12224 12237->12225 12237->12228 12237->12229 12237->12230 12237->12231 12237->12232 12237->12234 12238 401ece 12237->12238 12241 4026ff RtlLeaveCriticalSection 12238->12241 12240 401ed5 12240->12237 12241->12240 12245 4026ff RtlLeaveCriticalSection 12242->12245 12244 403c08 12244->12156 12245->12244 12247 4020e2 12246->12247 12248 40334f _malloc 62 API calls 12247->12248 12249 4020fc 12247->12249 12250 402635 __calloc_impl 6 API calls 12247->12250 12253 4020fe std::bad_alloc::bad_alloc 12247->12253 12248->12247 12249->11325 12250->12247 12251 402124 12301 4020bb 12251->12301 12253->12251 12255 403c09 __cinit 72 API calls 12253->12255 12255->12251 12257 40213c 12259 4016fe 12258->12259 12260 402033 ___ansicp 5 API calls 12259->12260 12261 401723 12260->12261 12261->11329 12263 401460 12262->12263 12264 401464 12262->12264 12263->11333 12265 401472 12264->12265 12266 401477 VirtualAlloc 12264->12266 12265->11333 12267 401496 VirtualAlloc 12266->12267 12268 4014ae GetProcessHeap RtlAllocateHeap VirtualAlloc VirtualAlloc 12266->12268 12267->12268 12269 401564 12267->12269 12270 401505 12268->12270 12269->11333 12313 401000 12270->12313 12272 40151b 12319 4011f0 12272->12319 12274 401536 12275 40155a 12274->12275 12331 4010b0 12274->12331 12276 4013c0 66 API calls 12275->12276 12279 40156e 12275->12279 12276->12269 12279->11333 12282 40132d 12281->12282 12283 401331 12281->12283 12282->11335 12285 40137d 12283->12285 12663 407d5a 12283->12663 12285->11335 12287 40144a 12286->12287 12291 4013cd 12286->12291 12287->11327 12288 401421 12289 40143a GetProcessHeap HeapFree 12288->12289 12290 40142c VirtualFree 12288->12290 12289->12287 12290->12289 12291->12288 12293 40140c FreeLibrary 12291->12293 12294 401417 12291->12294 12292 401fa5 __setenvp 62 API calls 12292->12288 12293->12291 12294->12292 12296 401fa5 __msize 12295->12296 12297 40202d __msize 12296->12297 12298 402004 HeapFree 12296->12298 12297->11317 12298->12297 12299 402017 12298->12299 12300 402613 __msize 62 API calls 12299->12300 12300->12297 12307 403a10 12301->12307 12304 403c20 12305 403c55 RaiseException 12304->12305 12306 403c49 12304->12306 12305->12257 12306->12305 12308 403a30 _strlen 12307->12308 12312 4020cb 12307->12312 12309 40334f _malloc 62 API calls 12308->12309 12308->12312 12310 403a43 12309->12310 12311 4064e5 _strcpy_s 62 API calls 12310->12311 12310->12312 12311->12312 12312->12304 12316 401028 12313->12316 12318 4010a5 12313->12318 12314 401062 VirtualAlloc 12314->12316 12315 401044 VirtualAlloc 12317 401060 _memset 12315->12317 12316->12314 12316->12315 12316->12318 12317->12316 12318->12272 12320 4012f0 12319->12320 12321 40120f IsBadReadPtr 12319->12321 12320->12274 12322 4012e8 12321->12322 12327 401229 12321->12327 12322->12274 12323 4012f7 12323->12274 12324 40123b LoadLibraryA 12325 4012e0 12324->12325 12324->12327 12325->12274 12326 401d8a _realloc 70 API calls 12326->12327 12327->12323 12327->12324 12327->12325 12327->12326 12328 4012bb IsBadReadPtr 12327->12328 12329 401295 12327->12329 12328->12323 12328->12327 12329->12327 12329->12328 12330 4012a0 GetProcAddress 12329->12330 12330->12325 12330->12329 12332 401163 12331->12332 12335 4010cf 12331->12335 12332->12275 12332->12279 12336 100052b7 12332->12336 12333 4010f2 VirtualFree 12333->12335 12334 40113c VirtualProtect 12334->12335 12335->12332 12335->12333 12335->12334 12337 100052c2 12336->12337 12338 100052c7 12336->12338 12350 1000ad45 12337->12350 12342 100051c1 12338->12342 12341 100052d5 12341->12275 12343 100051cd __setmbcp 12342->12343 12344 1000526a __setmbcp 12343->12344 12348 1000521a ___DllMainCRTStartup 12343->12348 12354 1000508c 12343->12354 12344->12341 12346 1000524a 12346->12344 12347 1000508c __CRT_INIT@12 153 API calls 12346->12347 12347->12344 12348->12344 12348->12346 12349 1000508c __CRT_INIT@12 153 API calls 12348->12349 12349->12346 12351 1000ad77 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 12350->12351 12352 1000ad6a 12350->12352 12353 1000ad6e 12351->12353 12352->12351 12352->12353 12353->12338 12355 10005117 12354->12355 12356 1000509b 12354->12356 12358 1000511d 12355->12358 12359 1000514e 12355->12359 12405 10006468 HeapCreate 12356->12405 12366 10005138 12358->12366 12379 100050a6 12358->12379 12531 1000748f 12358->12531 12360 10005153 12359->12360 12361 100051ac 12359->12361 12361->12379 12366->12379 12379->12348 12406 100050a1 12405->12406 12406->12379 12407 10007e94 GetModuleHandleW 12406->12407 12640 1000734d 12531->12640 12664 407d93 12663->12664 12665 407d6a 12663->12665 12672 407c85 12664->12672 12665->12664 12666 407d6f 12665->12666 12668 402613 __msize 62 API calls 12666->12668 12669 407d74 12668->12669 12670 4051ad __msize 6 API calls 12669->12670 12671 407d84 12670->12671 12671->12283 12673 403712 _LocaleUpdate::_LocaleUpdate 72 API calls 12672->12673 12674 407c99 12673->12674 12675 407ca0 12674->12675 12676 407cce 12674->12676 12677 402613 __msize 62 API calls 12675->12677 12678 407cd6 12676->12678 12686 407d01 12676->12686 12679 407ca5 12677->12679 12680 402613 __msize 62 API calls 12678->12680 12681 4051ad __msize 6 API calls 12679->12681 12682 407cdb 12680->12682 12684 407cb5 __stricmp_l 12681->12684 12683 4051ad __msize 6 API calls 12682->12683 12683->12684 12684->12671 12685 407ddb 97 API calls __tolower_l 12685->12686 12686->12684 12686->12685 12688 403e3c __msize 12687->12688 12689 4027d9 __lock 62 API calls 12688->12689 12690 403e43 12689->12690 12692 404abe __decode_pointer 6 API calls 12690->12692 12696 403efc __initterm 12690->12696 12694 403e7a 12692->12694 12694->12696 12698 404abe __decode_pointer 6 API calls 12694->12698 12695 403f44 __msize 12695->11354 12704 403f47 12696->12704 12702 403e8f 12698->12702 12699 403f3b 12700 403d40 _doexit 3 API calls 12699->12700 12700->12695 12701 404ab5 6 API calls _raise 12701->12702 12702->12696 12702->12701 12703 404abe 6 API calls __decode_pointer 12702->12703 12703->12702 12705 403f28 12704->12705 12706 403f4d 12704->12706 12705->12695 12708 4026ff RtlLeaveCriticalSection 12705->12708 12709 4026ff RtlLeaveCriticalSection 12706->12709 12708->12699 12709->12705 12710 43d989 12712 43d994 VirtualProtect VirtualProtect 12710->12712 12713 43da0a 12712->12713 12713->12713

                                      Executed Functions

                                      Function 10002800 Relevance: 22.8, APIs: 5, Strings: 8, Instructions: 59COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      APIs
                                      • GetCurrentProcess.KERNEL32(00000028,0649FEDA,?,?,?,?,?,?,10002918,0649FEDA,10026170,74DF0440,00000000,?,?), ref: 10002814
                                      • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,10002918,0649FEDA,10026170,74DF0440,00000000,?,?), ref: 1000281B
                                      • LookupPrivilegeValueA.ADVAPI32 ref: 10002888
                                      • AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 100028B3
                                      • CloseHandle.KERNEL32(?,?,00000000,?,00000000,00000000,00000000), ref: 100028BD
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 0000000A.00000002.4143678897.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143750862.000000001002D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_10000000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                      • String ID: D$P$S$b$l$r$u$v
                                      • API String ID: 3038321057-2680133038
                                      • Opcode ID: 8c82566e12f3aef830bd81e5586479da4618ad9adca5fcfdf5200e034debfd33
                                      • Instruction ID: 86c4b361cd7e9e9647a48c7f3e2ee75cceac27c9bb692ae9df1e262ca40207a3
                                      • Opcode Fuzzy Hash: 8c82566e12f3aef830bd81e5586479da4618ad9adca5fcfdf5200e034debfd33
                                      • Instruction Fuzzy Hash: 0D21106410D380DEE301CB648889B5BBFE46FA9788F04494CF1C85B292C7B5D64CCB6B
                                      Function 10003100 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 118COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 254 10003100-1000311b call 10003e38 257 10003121-1000312f GetAdaptersInfo 254->257 258 10003248-1000324a 254->258 259 10003131-10003148 call 10003d5b call 10003e38 257->259 260 1000314e-1000315c GetAdaptersInfo 257->260 259->258 259->260 261 10003162-10003166 260->261 262 1000323a-1000323c 260->262 264 10003247 261->264 266 1000316c 261->266 262->264 265 1000323e-10003244 call 10003d5b 262->265 264->258 265->264 270 10003170-1000317b 266->270 273 10003180-10003184 270->273 274 100031a0-100031a2 273->274 275 10003186-10003188 273->275 278 100031a5-100031a7 274->278 276 1000318a-10003190 275->276 277 1000319c-1000319e 275->277 276->274 279 10003192-1000319a 276->279 277->278 280 10003211-10003215 278->280 281 100031a9-100031ae 278->281 279->273 279->277 280->270 282 1000321b 280->282 283 100031b4-100031b8 281->283 282->262 284 100031d4-100031d6 283->284 285 100031ba-100031bc 283->285 288 100031d9-100031db 284->288 286 100031d0-100031d2 285->286 287 100031be-100031c4 285->287 286->288 287->284 289 100031c6-100031ce 287->289 288->280 290 100031dd-100031e2 288->290 289->283 289->286 291 100031e8-100031ec 290->291 292 10003208-1000320a 291->292 293 100031ee-100031f0 291->293 296 1000320d-1000320f 292->296 294 100031f2-100031f8 293->294 295 10003204-10003206 293->295 294->292 297 100031fa-10003202 294->297 295->296 296->280 298 1000321d-10003229 296->298 297->291 297->295 299 10003230-10003238 298->299 299->262 299->299
                                      APIs
                                      • _malloc.LIBCMT ref: 1000310F
                                        • Part of subcall function 10003E38: __FF_MSGBANNER.LIBCMT ref: 10003E5B
                                        • Part of subcall function 10003E38: __NMSG_WRITE.LIBCMT ref: 10003E62
                                        • Part of subcall function 10003E38: RtlAllocateHeap.NTDLL(00000000,?,10026128), ref: 10003EAF
                                      • GetAdaptersInfo.IPHLPAPI(00000000,?), ref: 10003127
                                      • _malloc.LIBCMT ref: 1000313C
                                      • GetAdaptersInfo.IPHLPAPI(00000000,?), ref: 10003155
                                        • Part of subcall function 10003D5B: __lock.LIBCMT ref: 10003D79
                                        • Part of subcall function 10003D5B: ___sbh_find_block.LIBCMT ref: 10003D84
                                        • Part of subcall function 10003D5B: ___sbh_free_block.LIBCMT ref: 10003D93
                                        • Part of subcall function 10003D5B: HeapFree.KERNEL32(00000000,?,10011280,0000000C,10006669,00000000,10011360,0000000C,100066A3,?,?,?,1000C102,00000004,100116D0,0000000C), ref: 10003DC3
                                        • Part of subcall function 10003D5B: GetLastError.KERNEL32(?,1000C102,00000004,100116D0,0000000C,1000807C,?,?,00000000,00000000,00000000,?,10007C8F,00000001,00000214), ref: 10003DD4
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 0000000A.00000002.4143678897.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143750862.000000001002D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_10000000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: AdaptersHeapInfo_malloc$AllocateErrorFreeLast___sbh_find_block___sbh_free_block__lock
                                      • String ID: 0.0.0.0
                                      • API String ID: 548094864-3771769585
                                      • Opcode ID: 5afbc1d8ef4b1f28fa49baa1dd9cc6f985bb315a3fe7a7adf2fb13ef22176e4d
                                      • Instruction ID: 13b3eda111712e004b766157a5d44c3bcdc5ac76bcfb479562226956bd4f7a3f
                                      • Opcode Fuzzy Hash: 5afbc1d8ef4b1f28fa49baa1dd9cc6f985bb315a3fe7a7adf2fb13ef22176e4d
                                      • Instruction Fuzzy Hash: 6F31E2361082C216F313CA3448916EB7BEECB9A6D0F55C668DCD58724AEB27DD0E8351
                                      Function 00401730 Relevance: 34.7, APIs: 4, Strings: 19, Instructions: 183stringCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      APIs
                                      • lstrcmpiA.KERNEL32(?,00409140), ref: 0040176A
                                      • lstrcmpiA.KERNEL32(?,0040913C), ref: 00401780
                                      • lstrlen.KERNEL32 ref: 004018F7
                                        • Part of subcall function 00401580: _memset.LIBCMT ref: 0040159B
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4141096184.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 0000000A.00000002.4141070938.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.0000000000409000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.000000000040C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.000000000043C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141197300.000000000043D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141215396.000000000043E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_400000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: lstrcmpi$_memsetlstrlen
                                      • String ID: .$.$.$0$1$3$6$D$LTY 1.0$O$S$S$_$a$b$c$d$e$p
                                      • API String ID: 157887750-675284778
                                      • Opcode ID: bbbaf384ff21e4a38659183b02c4c53a2477fd56f201dbac27deb99c4e18e97f
                                      • Instruction ID: 4bf01a5e1586d977584093c044e02db9ce831f488f93ac3e360f35ad14241ae2
                                      • Opcode Fuzzy Hash: bbbaf384ff21e4a38659183b02c4c53a2477fd56f201dbac27deb99c4e18e97f
                                      • Instruction Fuzzy Hash: F471927150C3809ED311DB28C844B5BBFE55F99348F04496EF4C867392D6BAD608C7AB
                                      Function 100028E0 Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 147sleepsynchronizationthreadCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      APIs
                                        • Part of subcall function 10002800: GetCurrentProcess.KERNEL32(00000028,0649FEDA,?,?,?,?,?,?,10002918,0649FEDA,10026170,74DF0440,00000000,?,?), ref: 10002814
                                        • Part of subcall function 10002800: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,10002918,0649FEDA,10026170,74DF0440,00000000,?,?), ref: 1000281B
                                        • Part of subcall function 10002800: LookupPrivilegeValueA.ADVAPI32 ref: 10002888
                                        • Part of subcall function 10002800: AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 100028B3
                                        • Part of subcall function 10002800: CloseHandle.KERNEL32(?,?,00000000,?,00000000,00000000,00000000), ref: 100028BD
                                      • inet_addr.WS2_32(?), ref: 10002922
                                      • htonl.WS2_32(00000000), ref: 1000292B
                                      • inet_addr.WS2_32(?), ref: 10002934
                                      • htonl.WS2_32(00000000), ref: 10002937
                                      • inet_addr.WS2_32(?), ref: 1000293F
                                      • htonl.WS2_32(00000000), ref: 10002942
                                      • CreateSemaphoreA.KERNEL32(00000000,000001F4,000001F4,00000000), ref: 1000298B
                                      • GetStdHandle.KERNEL32(000000F5), ref: 100029A0
                                      • WaitForSingleObject.KERNEL32(000003A4,000000FF), ref: 100029D1
                                      • CreateThread.KERNELBASE(00000000,00000000,100025D0,00000000,00000000,?), ref: 100029FE
                                      • CloseHandle.KERNEL32(00000000), ref: 10002A01
                                      • ReleaseSemaphore.KERNEL32(000003A4,00000001,00000000), ref: 10002A14
                                      • _printf.LIBCMT ref: 10002A39
                                      • Sleep.KERNELBASE(00000004), ref: 10002A47
                                      • WaitForSingleObject.KERNEL32(000003A4,000000FF), ref: 10002A5F
                                      • ReleaseSemaphore.KERNEL32(000003A4,00000001,?), ref: 10002A71
                                      • Sleep.KERNEL32(000003E8), ref: 10002A80
                                      • Sleep.KERNEL32(000001F4), ref: 10002AB8
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 0000000A.00000002.4143678897.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143750862.000000001002D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_10000000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: HandleSemaphoreSleephtonlinet_addr$CloseCreateObjectProcessReleaseSingleTokenWait$AdjustCurrentLookupOpenPrivilegePrivilegesThreadValue_printf
                                      • String ID: -> %d/%d - %d
                                      • API String ID: 4009574119-755143330
                                      • Opcode ID: 4034337d87ab06df19aeaa6d61e1cbf4aa3d5902c903d3b287d550b8f9ddec2d
                                      • Instruction ID: 695181dd5464a0f6f0be3929049ef5d31a452b1036d52230af5166b4d15058c4
                                      • Opcode Fuzzy Hash: 4034337d87ab06df19aeaa6d61e1cbf4aa3d5902c903d3b287d550b8f9ddec2d
                                      • Instruction Fuzzy Hash: C4519EB1A00225EFF710DF64CCC5BAA7BB8FB4D790F244619F615D7296DB30A9418B60
                                      Function 10003890 Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 213networkfilestringCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      APIs
                                      • InternetOpenA.WININET ref: 100038F6
                                      • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,80000100,00000000), ref: 10003918
                                      • _malloc.LIBCMT ref: 1000392F
                                      • _malloc.LIBCMT ref: 1000393B
                                      • _memset.LIBCMT ref: 10003949
                                      • InternetReadFile.WININET(00000000,00000000,00001388,?), ref: 10003961
                                      • _realloc.LIBCMT ref: 10003974
                                      • _memset.LIBCMT ref: 10003994
                                      • InternetReadFile.WININET(?,00000000,00001388,?), ref: 100039AC
                                      • InternetCloseHandle.WININET(?), ref: 100039C5
                                      • InternetCloseHandle.WININET(?), ref: 100039CC
                                      • lstrlen.KERNEL32(charset=,00000000,charset=,00000000,00000000), ref: 100039F7
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 0000000A.00000002.4143678897.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143750862.000000001002D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_10000000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: Internet$CloseFileHandleOpenRead_malloc_memset$_realloclstrlen
                                      • String ID: WinInetGet/0.1$charset=$utf-8
                                      • API String ID: 4132294234-2162586370
                                      • Opcode ID: d534a56e12c1b13d43eef8ce0d18fd28e9767ce21f22b5b01af4825aa1a13e0c
                                      • Instruction ID: 835dc9c0429aa0f09421fd86afab8fd819df953137f35028efcecae1824d2c16
                                      • Opcode Fuzzy Hash: d534a56e12c1b13d43eef8ce0d18fd28e9767ce21f22b5b01af4825aa1a13e0c
                                      • Instruction Fuzzy Hash: 0A719275608340AFE321DB65CC85FABB7ECEF89790F40492DF54597285EB70E9048BA2
                                      Function 00402180 Relevance: 21.1, APIs: 14, Instructions: 78COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 131 402180-40218f 132 402191-40219d 131->132 133 4021b8 131->133 132->133 134 40219f-4021a6 132->134 135 4021bc-4021c6 call 40280c 133->135 134->133 136 4021a8-4021b6 134->136 139 4021d0-4021d7 call 404e53 135->139 140 4021c8-4021cf call 40213d 135->140 136->135 145 4021e1-4021f1 call 4049f7 call 4047a3 139->145 146 4021d9-4021e0 call 40213d 139->146 140->139 153 4021f3-4021fa call 403cec 145->153 154 4021fb-402217 GetCommandLineA call 40466c call 4045b1 145->154 146->145 153->154 161 402221-402228 call 404339 154->161 162 402219-402220 call 403cec 154->162 167 402232-40223c call 403dab 161->167 168 40222a-402231 call 403cec 161->168 162->161 173 402245-40225c call 401730 167->173 174 40223e-402244 call 403cec 167->174 168->167 178 402261-40226b 173->178 174->173 179 402273-4022b7 call 403f88 call 403461 178->179 180 40226d-40226e call 403f5c 178->180 180->179
                                      APIs
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4141096184.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 0000000A.00000002.4141070938.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.0000000000409000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.000000000040C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.000000000043C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141197300.000000000043D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141215396.000000000043E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_400000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: __amsg_exit$_fast_error_exit$CommandEnvironmentInitializeLineStrings___crt__cinit__ioinit__mtinit__setargv__setenvp
                                      • String ID:
                                      • API String ID: 2598563909-0
                                      • Opcode ID: 422c5b5c5c188eb35223f22301f379e21c3a9d62d07f02222985bfe9f004553d
                                      • Instruction ID: a5775a0953094faddf1cef18157058f38ca6e4d5c2192367ef4576ada79c8b53
                                      • Opcode Fuzzy Hash: 422c5b5c5c188eb35223f22301f379e21c3a9d62d07f02222985bfe9f004553d
                                      • Instruction Fuzzy Hash: B92197B19002019AEB107FB2EE0AB6A36686F40719F50417FF604B91D2DBBDC9819A5D
                                      Function 100025D0 Relevance: 16.7, APIs: 11, Instructions: 160networkCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 187 100025d0-10002657 call 10004280 socket 190 10002659-1000265a 187->190 191 1000265f-1000269b htons htonl ioctlsocket 187->191 192 100027af-100027dd call 100042fa call 10003c98 190->192 193 100026a1-100026b6 connect 191->193 194 1000279f-100027a6 call 100027e3 191->194 195 100026b8-100026bd 193->195 201 100027ab-100027ae 194->201 199 100026cd 195->199 200 100026bf-100026c6 195->200 205 100026e1-100026fe select 199->205 206 100026cf-100026d2 199->206 203 100026c8-100026c9 200->203 204 100026cb 200->204 201->192 203->195 204->199 205->194 209 10002704-10002706 205->209 206->205 208 100026d4-100026db 206->208 208->205 209->194 210 1000270c-10002722 send 209->210 210->194 211 10002724-1000272c 210->211 212 1000272e-10002733 211->212 213 10002743 212->213 214 10002735-1000273c 212->214 217 10002745-10002748 213->217 218 10002757-1000276e select 213->218 215 10002741 214->215 216 1000273e-1000273f 214->216 215->213 216->212 217->218 219 1000274a-10002751 217->219 218->194 220 10002770-10002772 218->220 219->218 220->194 221 10002774-1000278a recv 220->221 221->194 222 1000278c-1000279a inet_ntoa call 100024e0 221->222 222->194
                                      APIs
                                      • _memset.LIBCMT ref: 10002634
                                      • socket.WS2_32(00000002,00000001,00000006), ref: 10002649
                                      • htons.WS2_32(000001BD), ref: 1000266D
                                      • htonl.WS2_32(?), ref: 10002678
                                      • ioctlsocket.WS2_32(00000000,8004667E,?), ref: 10002692
                                      • connect.WS2_32(00000000,?,00000010), ref: 100026A8
                                      • select.WS2_32(00000000,00000000,?,00000000,10026108), ref: 100026F9
                                      • send.WS2_32(00000000,100245D0,00000089,00000000), ref: 10002719
                                      • select.WS2_32(00000000,?,00000000,00000000,10026108), ref: 10002769
                                      • recv.WS2_32(00000000,?,00000400,00000000), ref: 10002781
                                      • inet_ntoa.WS2_32(?), ref: 10002790
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 0000000A.00000002.4143678897.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143750862.000000001002D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_10000000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: select$_memsetconnecthtonlhtonsinet_ntoaioctlsocketrecvsendsocket
                                      • String ID:
                                      • API String ID: 20693094-0
                                      • Opcode ID: 4608bbc8322a49401af40bdde809952552d8ac664fdac39578e61715bde80972
                                      • Instruction ID: 26b25ee1331adbdff5ef06106ca32a399145e1704cf96ee4613921f5ada663ff
                                      • Opcode Fuzzy Hash: 4608bbc8322a49401af40bdde809952552d8ac664fdac39578e61715bde80972
                                      • Instruction Fuzzy Hash: F251F370904318ABFB10DF64CC85BEE73B4FB48790F204669F91AE65D8EB705981CB25
                                      Function 00401450 Relevance: 9.1, APIs: 6, Instructions: 122COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 224 401450-40145e 225 401460-401463 224->225 226 401464-401470 224->226 227 401472-401476 226->227 228 401477-401494 VirtualAlloc 226->228 229 401496-4014a8 VirtualAlloc 228->229 230 4014ae-401523 GetProcessHeap RtlAllocateHeap VirtualAlloc * 2 call 4019a0 call 401000 228->230 229->230 231 401567-40156d 229->231 236 401530-40153b call 4011f0 230->236 237 401525-40152d call 401170 230->237 242 40153d-40154d call 4010b0 236->242 243 40155e-401564 call 4013c0 236->243 237->236 248 401575-40157b 242->248 249 40154f-401551 242->249 243->231 249->243 250 401553-401558 call 100052b7 249->250 251 40155a-40155c 250->251 251->243 252 40156e 251->252 252->248
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4141096184.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 0000000A.00000002.4141070938.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.0000000000409000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.000000000040C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.000000000043C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141197300.000000000043D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141215396.000000000043E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_400000_HelpSystem.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 62c456d58bd07327f8cc3e08e627c9f83f2a48e718a501207197c894143b3646
                                      • Instruction ID: a9aa53ac70811430420a539581a3bd82a43cdeb95e1aba65c4001a27a6a4870a
                                      • Opcode Fuzzy Hash: 62c456d58bd07327f8cc3e08e627c9f83f2a48e718a501207197c894143b3646
                                      • Instruction Fuzzy Hash: 103164716002006BE715DF68DC81F6B77A9AF84758F04402AFA49EB3A2E775E901C759
                                      Function 004011F0 Relevance: 7.6, APIs: 5, Instructions: 109libraryloaderCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 300 4011f0-401209 301 4012f0-4012f6 300->301 302 40120f-401223 IsBadReadPtr 300->302 303 4012e8-4012ef 302->303 304 401229 302->304 305 401230-401235 304->305 306 4012f7-401301 305->306 307 40123b-401248 LoadLibraryA 305->307 308 4012e0-4012e7 307->308 309 40124e-40126a call 401d8a 307->309 309->308 312 40126c-401279 309->312 313 401285-40128b 312->313 314 40127b-401283 312->314 315 40128d-401291 313->315 314->315 316 401293 315->316 317 4012bb-4012d1 IsBadReadPtr 315->317 319 401295-40129a 316->319 320 40129c 316->320 317->306 318 4012d3-4012db 317->318 318->305 321 4012a0-4012ac GetProcAddress 319->321 320->321 321->308 322 4012ae-4012b9 321->322 322->316 322->317
                                      APIs
                                      • IsBadReadPtr.KERNEL32(?,00000014), ref: 0040121B
                                      • LoadLibraryA.KERNELBASE(?,?,00000014), ref: 0040123E
                                      • _realloc.LIBCMT ref: 0040125D
                                        • Part of subcall function 00401D8A: _malloc.LIBCMT ref: 00401DA0
                                      • GetProcAddress.KERNEL32(00000000,?), ref: 004012A2
                                      • IsBadReadPtr.KERNEL32(?,00000014), ref: 004012C9
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4141096184.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 0000000A.00000002.4141070938.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.0000000000409000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.000000000040C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.000000000043C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141197300.000000000043D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141215396.000000000043E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_400000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: Read$AddressLibraryLoadProc_malloc_realloc
                                      • String ID:
                                      • API String ID: 3858321205-0
                                      • Opcode ID: 1846c2a45a5faf57d4ee2bd302cd70910e0151b02680ddb7ebbeee768ca1f011
                                      • Instruction ID: 4142f6d2b2a5e1cda1719cdaf65d2d1b171473974356da5c574ad30993c7b78f
                                      • Opcode Fuzzy Hash: 1846c2a45a5faf57d4ee2bd302cd70910e0151b02680ddb7ebbeee768ca1f011
                                      • Instruction Fuzzy Hash: 5031BC727002069BD7208F69D880A26F3A8FF80365F14057FE915F73A1D735E8159AA8
                                      Function 004020D8 Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 323 4020d8-4020e0 324 4020ef-4020f2 call 40334f 323->324 326 4020f7-4020fa 324->326 327 4020e2-4020ed call 402635 326->327 328 4020fc-4020fd 326->328 327->324 331 4020fe-40210a 327->331 332 402125-40213c call 4020bb call 403c20 331->332 333 40210c-402124 call 40206e call 403c09 331->333 333->332
                                      APIs
                                      • _malloc.LIBCMT ref: 004020F2
                                        • Part of subcall function 0040334F: __FF_MSGBANNER.LIBCMT ref: 00403372
                                        • Part of subcall function 0040334F: __NMSG_WRITE.LIBCMT ref: 00403379
                                        • Part of subcall function 0040334F: RtlAllocateHeap.NTDLL(00000000,?,00000001), ref: 004033C6
                                      • std::bad_alloc::bad_alloc.LIBCMT ref: 00402115
                                        • Part of subcall function 0040206E: std::exception::exception.LIBCMT ref: 0040207A
                                      • std::bad_exception::bad_exception.LIBCMT ref: 00402129
                                      • __CxxThrowException@8.LIBCMT ref: 00402137
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4141096184.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 0000000A.00000002.4141070938.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.0000000000409000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.000000000040C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.000000000043C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141197300.000000000043D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141215396.000000000043E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_400000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                      • String ID:
                                      • API String ID: 1411284514-0
                                      • Opcode ID: 0c5b9512872b4aeaaa1b5bb0df855a1828bfd12c6f40315308b768f8d07780de
                                      • Instruction ID: cf5248a7b312d72e7fbef3a0cb30a2894c3351b1273888cecde42e1c1f5748b3
                                      • Opcode Fuzzy Hash: 0c5b9512872b4aeaaa1b5bb0df855a1828bfd12c6f40315308b768f8d07780de
                                      • Instruction Fuzzy Hash: A6F0893150031976CB247B62EE0E9593B594B4075CB60807BFD01B50D5DFFDDA45C55E
                                      Function 10002C70 Relevance: 5.2, APIs: 4, Instructions: 181sleepstringCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 342 10002c70-10002cd1 call 10003b40 lstrlen 345 10002cd3-10002d15 Sleep call 10003b40 lstrlen 342->345 346 10002d17-10002d4e call 10003100 342->346 345->346 351 10002d52-10002d56 346->351 352 10002d72-10002d74 351->352 353 10002d58-10002d5a 351->353 356 10002d77-10002d79 352->356 354 10002d5c-10002d62 353->354 355 10002d6e-10002d70 353->355 354->352 357 10002d64-10002d6c 354->357 355->356 358 10002d7b 356->358 359 10002d7d-10002e76 call 10002ae0 call 10002bb0 356->359 357->351 357->355 358->359 364 10002eb0-10002eb2 359->364 365 10002e78-10002e7a 359->365 368 10002eb4-10002ec5 364->368 369 10002ec7-10002ec9 364->369 366 10002e95-10002ead call 10003c98 365->366 367 10002e7c-10002e89 365->367 370 10002e8d-10002e90 call 100028e0 367->370 368->370 369->366 372 10002ecb-10002ecd 369->372 370->366 375 10002ee8-10002efe Sleep 372->375 376 10002ecf-10002eda 372->376 377 10002ede-10002ee3 call 100028e0 375->377 376->377 377->375
                                      APIs
                                        • Part of subcall function 10003B40: lstrlen.KERNEL32(Address:,00000000,Address:,?,00000000), ref: 10003B9B
                                      • lstrlen.KERNEL32(?,?), ref: 10002CC6
                                      • Sleep.KERNEL32(00001388), ref: 10002CD8
                                        • Part of subcall function 10003B40: lstrlen.KERNEL32(00000000,00000000), ref: 10003BCB
                                      • lstrlen.KERNEL32(?,?), ref: 10002D10
                                      • Sleep.KERNEL32(00001388,?,?,?,?,?,?,?), ref: 10002EED
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 0000000A.00000002.4143678897.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143750862.000000001002D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_10000000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: lstrlen$Sleep
                                      • String ID:
                                      • API String ID: 429307061-0
                                      • Opcode ID: 01160907ffbce50ac604d07a0203dcbb5788cdf2f59fc711bf807c22343a7e53
                                      • Instruction ID: d5fc5bc791ea426810ba23de9c023ffc4b3556340b70ead86af3d67a8c1561d7
                                      • Opcode Fuzzy Hash: 01160907ffbce50ac604d07a0203dcbb5788cdf2f59fc711bf807c22343a7e53
                                      • Instruction Fuzzy Hash: 4D71B4B19083819FD3A1CF78C490B9BBBE5FBC9280F544E2EE189C7255E77095098F52
                                      Function 00401000 Relevance: 4.6, APIs: 3, Instructions: 68memoryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 379 401000-401022 380 4010a7-4010aa 379->380 381 401028-401030 379->381 382 401033-401037 381->382 383 401062-401080 VirtualAlloc call 4019a0 382->383 384 401039-401042 382->384 389 401085 383->389 385 401044-401060 VirtualAlloc call 401d10 384->385 386 40108b-4010a3 384->386 392 401088 385->392 386->382 390 4010a5-4010a6 386->390 389->392 390->380 392->386
                                      APIs
                                      • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 00401052
                                      • _memset.LIBCMT ref: 0040105B
                                      • VirtualAlloc.KERNELBASE(?,?,00001000,00000004), ref: 00401070
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4141096184.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 0000000A.00000002.4141070938.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.0000000000409000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.000000000040C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.000000000043C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141197300.000000000043D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141215396.000000000043E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_400000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: AllocVirtual$_memset
                                      • String ID:
                                      • API String ID: 1876456587-0
                                      • Opcode ID: 9ea9f53229a25d8c650b1b8ed7f1c4ed36205b3c77356b60b482a87fc3536fc8
                                      • Instruction ID: e63676adec5951530087f0fb8fcf79db0b4fe774374467a8bd358f17d76d0ca3
                                      • Opcode Fuzzy Hash: 9ea9f53229a25d8c650b1b8ed7f1c4ed36205b3c77356b60b482a87fc3536fc8
                                      • Instruction Fuzzy Hash: BD1127B1604241ABD324CF19CC80E2AB3E9AF88744F15882EF985AB391C675E8818B65
                                      Function 100046B7 Relevance: 4.5, APIs: 3, Instructions: 38COMMONLIBRARYCODE
                                      Download Yara Rule

                                      Control-flow Graph

                                      APIs
                                      • _malloc.LIBCMT ref: 100046D1
                                        • Part of subcall function 10003E38: __FF_MSGBANNER.LIBCMT ref: 10003E5B
                                        • Part of subcall function 10003E38: __NMSG_WRITE.LIBCMT ref: 10003E62
                                        • Part of subcall function 10003E38: RtlAllocateHeap.NTDLL(00000000,?,10026128), ref: 10003EAF
                                      • std::bad_alloc::bad_alloc.LIBCMT ref: 100046F4
                                        • Part of subcall function 1000469C: std::exception::exception.LIBCMT ref: 100046A8
                                      • __CxxThrowException@8.LIBCMT ref: 10004716
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 0000000A.00000002.4143678897.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143750862.000000001002D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_10000000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::exception::exception
                                      • String ID:
                                      • API String ID: 3715980512-0
                                      • Opcode ID: 35cf127d170c4c990af0b89054e95575011cf6f1341b00b85e6cb2344320630a
                                      • Instruction ID: e74ac3db2ee90786c7bf4d68c08f12ba7414ddb8dcc3aa3f835232b7e0ab6116
                                      • Opcode Fuzzy Hash: 35cf127d170c4c990af0b89054e95575011cf6f1341b00b85e6cb2344320630a
                                      • Instruction Fuzzy Hash: 1CF027B990014872FB05E361DC0AA9E3BA9CF022D4F124064F900560AAEF62FE15818A
                                      Function 004010B0 Relevance: 3.1, APIs: 2, Instructions: 70memoryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 412 4010b0-4010c9 413 401165-401168 412->413 414 4010cf-4010d1 412->414 415 4010d4-4010f0 414->415 416 4010f2-401105 VirtualFree 415->416 417 401107-401119 415->417 418 40114d-40115d 416->418 419 401121-401126 417->419 420 40111b 417->420 418->415 421 401163-401164 418->421 422 401128-40112a 419->422 423 40113a 419->423 420->419 421->413 424 401131-401133 422->424 425 40112c-40112f 422->425 423->418 426 40113c-401147 VirtualProtect 423->426 424->418 428 401135 424->428 427 401138 425->427 426->418 427->423 428->427
                                      APIs
                                      • VirtualFree.KERNEL32(?,?,00004000), ref: 004010FF
                                      • VirtualProtect.KERNELBASE(?,?,?,?), ref: 00401147
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4141096184.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 0000000A.00000002.4141070938.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.0000000000409000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.000000000040C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.000000000043C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141197300.000000000043D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141215396.000000000043E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_400000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: Virtual$FreeProtect
                                      • String ID:
                                      • API String ID: 2581862158-0
                                      • Opcode ID: 8aee70a4b80a8f4cd9e5e87d4158d522970950da06c6967e9dd23a835e404bb0
                                      • Instruction ID: 01158a0ebdedfebfb5d0d44fccc68dce859093c6507ccef8acdbf3637957df91
                                      • Opcode Fuzzy Hash: 8aee70a4b80a8f4cd9e5e87d4158d522970950da06c6967e9dd23a835e404bb0
                                      • Instruction Fuzzy Hash: FE21D2712002019BDB1CCF45D9C0EBBB3A6EB88705F00826DEA46AF2A9E734EC51C764
                                      Function 0043D989 Relevance: 3.1, APIs: 2, Instructions: 55memoryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 429 43d989-43d98e 430 43d994-43d998 429->430 431 43d9d6-43da06 VirtualProtect * 2 430->431 432 43d99a-43d9b0 430->432 433 43da0a-43da0e 431->433 436 43d9b1-43d9b6 432->436 433->433 435 43da10 433->435 436->430 437 43d9b8-43d9c7 436->437 439 43d9d0 437->439 440 43d9c9-43d9ce 437->440 439->431 440->436
                                      APIs
                                      • VirtualProtect.KERNELBASE(?,00001000,00000004), ref: 0043D9ED
                                      • VirtualProtect.KERNELBASE(?,00001000), ref: 0043DA02
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4141197300.000000000043D000.00000080.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 0000000A.00000002.4141070938.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.0000000000401000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.0000000000409000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.000000000040C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.000000000043C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141215396.000000000043E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_400000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: ProtectVirtual
                                      • String ID:
                                      • API String ID: 544645111-0
                                      • Opcode ID: 13ec1958b2775ae3cb29b2e3a4e1da5bfdebe1cc9ef8339fd0a728093501d3dd
                                      • Instruction ID: 3cf5af0a4a451dbc91a6a9cbf19450f06c46b7ec94353931cab4f936860c543c
                                      • Opcode Fuzzy Hash: 13ec1958b2775ae3cb29b2e3a4e1da5bfdebe1cc9ef8339fd0a728093501d3dd
                                      • Instruction Fuzzy Hash: 551108B150420A6FF3219770CC45BBB779CEF45355F140555E89AC7286D7A8AC028665
                                      Function 10002F20 Relevance: 3.0, APIs: 2, Instructions: 19networkCOMMON
                                      Download Yara Rule
                                      APIs
                                      • WSAStartup.WS2_32(00000202,0649FEDA), ref: 10002F3D
                                        • Part of subcall function 10002C70: lstrlen.KERNEL32(?,?), ref: 10002CC6
                                        • Part of subcall function 10002C70: Sleep.KERNEL32(00001388), ref: 10002CD8
                                        • Part of subcall function 10002C70: lstrlen.KERNEL32(?,?), ref: 10002D10
                                      • WSACleanup.WS2_32 ref: 10002F55
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 0000000A.00000002.4143678897.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143750862.000000001002D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_10000000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: lstrlen$CleanupSleepStartup
                                      • String ID:
                                      • API String ID: 3691655843-0
                                      • Opcode ID: 3c51116619be17370c2f62c0e055a7a788bb48348c267f434b620de2a4110bb2
                                      • Instruction ID: 89097f0d2a3fe618bf9562b198bc6a7f0dd6a711781521fe435ed2360b44443a
                                      • Opcode Fuzzy Hash: 3c51116619be17370c2f62c0e055a7a788bb48348c267f434b620de2a4110bb2
                                      • Instruction Fuzzy Hash: 3CE04F74218340CBF325EB64C86AAEA73F4EB8D300F80051DE55AC6285DA3424048A53
                                      Function 100027E3 Relevance: 3.0, APIs: 2, Instructions: 8COMMON
                                      Download Yara Rule
                                      APIs
                                      • ReleaseSemaphore.KERNEL32(000003A4,00000001,00000000,100027AB), ref: 100027ED
                                      • closesocket.WS2_32(00000000), ref: 100027F4
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 0000000A.00000002.4143678897.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143750862.000000001002D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_10000000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: ReleaseSemaphoreclosesocket
                                      • String ID:
                                      • API String ID: 311773542-0
                                      • Opcode ID: 0090286a53bc98b97790e446ea57a4ba890dcab6c9abd090a2b2a2eae82e9e55
                                      • Instruction ID: 000be27830e383de150e473ed32fb060c2d7733746e1e20562bbecdfefabc882
                                      • Opcode Fuzzy Hash: 0090286a53bc98b97790e446ea57a4ba890dcab6c9abd090a2b2a2eae82e9e55
                                      • Instruction Fuzzy Hash: DDC09271640220ABFE009BA0CDDDF793A28A749B42F140008FB41CA5AAC6A9B001AB50
                                      Function 0040280C Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 00402821
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4141096184.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 0000000A.00000002.4141070938.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.0000000000409000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.000000000040C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.000000000043C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141197300.000000000043D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141215396.000000000043E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_400000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: CreateHeap
                                      • String ID:
                                      • API String ID: 10892065-0
                                      • Opcode ID: b5bf22d2a27a4ca0db081a7577504bb9197e07cbcff66427c2e28fb9d92e008d
                                      • Instruction ID: a2de30ebf60a6189bb05872ff097659235b16e01a42193b44cc84d8d6f11dce9
                                      • Opcode Fuzzy Hash: b5bf22d2a27a4ca0db081a7577504bb9197e07cbcff66427c2e28fb9d92e008d
                                      • Instruction Fuzzy Hash: 94D05E766943049ADB109F74AD097723BDC9784395F108436BC0CD6290E674C991C548
                                      Function 10006468 Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      • HeapCreate.KERNELBASE(00000000,00001000,00000000,?,100050A1,?), ref: 1000647D
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 0000000A.00000002.4143678897.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143750862.000000001002D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_10000000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: CreateHeap
                                      • String ID:
                                      • API String ID: 10892065-0
                                      • Opcode ID: 0b8f7554f38b72c9dc9189750731cfad9ca360b3fe9d13d691347ee360d7277c
                                      • Instruction ID: 1d9f534ba2e8bc4ca5bcb04e26732d852c31fc63c3238f505c461db92e7fc24b
                                      • Opcode Fuzzy Hash: 0b8f7554f38b72c9dc9189750731cfad9ca360b3fe9d13d691347ee360d7277c
                                      • Instruction Fuzzy Hash: 5AD05E32990355AEF7009F705C497263BDCEB886D5F208435F90CC7550E770D9919500

                                      Non-executed Functions

                                      Function 00402033 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      • IsDebuggerPresent.KERNEL32 ref: 004036C7
                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004036DC
                                      • UnhandledExceptionFilter.KERNEL32(00409160), ref: 004036E7
                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 00403703
                                      • TerminateProcess.KERNEL32(00000000), ref: 0040370A
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4141096184.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 0000000A.00000002.4141070938.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.0000000000409000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.000000000040C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.000000000043C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141197300.000000000043D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141215396.000000000043E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_400000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                      • String ID:
                                      • API String ID: 2579439406-0
                                      • Opcode ID: 74eaf3329181d9fd6359935cddf67fa34ebb80c10ed467ea92ab6d32de35f449
                                      • Instruction ID: caf0d137d62034d034fbd377ed622dfeb274d68d50f9d1314b73b75b9199ae51
                                      • Opcode Fuzzy Hash: 74eaf3329181d9fd6359935cddf67fa34ebb80c10ed467ea92ab6d32de35f449
                                      • Instruction Fuzzy Hash: 8621D2B8A00344DFD760EF15F9496553BA4FB88308F82547AE408973B1E7B55986CF4D
                                      Function 10003C98 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      • IsDebuggerPresent.KERNEL32 ref: 10005493
                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 100054A8
                                      • UnhandledExceptionFilter.KERNEL32(1000F3A0), ref: 100054B3
                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 100054CF
                                      • TerminateProcess.KERNEL32(00000000), ref: 100054D6
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 0000000A.00000002.4143678897.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143750862.000000001002D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_10000000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                      • String ID:
                                      • API String ID: 2579439406-0
                                      • Opcode ID: 6b400a94a7e174fc8296cd1196d7fb45991ff6cb4e1887b4cd2380c6544d6975
                                      • Instruction ID: f3257386f7bdf2f11a48b8192c0da1a98bb257f5731bb8793f34d3c36609afc2
                                      • Opcode Fuzzy Hash: 6b400a94a7e174fc8296cd1196d7fb45991ff6cb4e1887b4cd2380c6544d6975
                                      • Instruction Fuzzy Hash: 7521CAB8902A28DFF740DF65CCC5A593BB4FB4C389F71501AE50887676E7B1698A8F01
                                      Function 10001B10 Relevance: 18.1, APIs: 12, Instructions: 128networkCOMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 0000000A.00000002.4143678897.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143750862.000000001002D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_10000000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: ErrorLast$AddrFreeInfo_sprintfclosesocketconnectgetaddrinfogetpeernamesocket
                                      • String ID:
                                      • API String ID: 357618637-0
                                      • Opcode ID: f968d07bf09401d4ca905c482a2d55f29134073bd25110e3d75c48fe33f8a3af
                                      • Instruction ID: 7e8f8d7498ded9ed1de97ff87a1976872bbbe75f0ba1644668d4659acd03c211
                                      • Opcode Fuzzy Hash: f968d07bf09401d4ca905c482a2d55f29134073bd25110e3d75c48fe33f8a3af
                                      • Instruction Fuzzy Hash: CC410C765083109FE350DF69C88496BBBF4FF897A0F414A1EF5A5C7294E731A805CB92
                                      Function 10002240 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 196COMMON
                                      Download Yara Rule
                                      APIs
                                      • _malloc.LIBCMT ref: 10002320
                                        • Part of subcall function 10003E38: __FF_MSGBANNER.LIBCMT ref: 10003E5B
                                        • Part of subcall function 10003E38: __NMSG_WRITE.LIBCMT ref: 10003E62
                                        • Part of subcall function 10003E38: RtlAllocateHeap.NTDLL(00000000,?,10026128), ref: 10003EAF
                                      • _malloc.LIBCMT ref: 10002376
                                      • _malloc.LIBCMT ref: 100023EA
                                        • Part of subcall function 10003D5B: __lock.LIBCMT ref: 10003D79
                                        • Part of subcall function 10003D5B: ___sbh_find_block.LIBCMT ref: 10003D84
                                        • Part of subcall function 10003D5B: ___sbh_free_block.LIBCMT ref: 10003D93
                                        • Part of subcall function 10003D5B: HeapFree.KERNEL32(00000000,?,10011280,0000000C,10006669,00000000,10011360,0000000C,100066A3,?,?,?,1000C102,00000004,100116D0,0000000C), ref: 10003DC3
                                        • Part of subcall function 10003D5B: GetLastError.KERNEL32(?,1000C102,00000004,100116D0,0000000C,1000807C,?,?,00000000,00000000,00000000,?,10007C8F,00000001,00000214), ref: 10003DD4
                                        • Part of subcall function 10001D20: send.WS2_32(100260FC,?,?,00000000), ref: 10001D52
                                      Strings
                                      • 71710533-BEBA-4937-8319-B5DBEF9CCC36, xrefs: 100023F4
                                      • 8a885d04-1ceb-11c9-9fe8-08002b104860, xrefs: 100023AF
                                      • e1af8308-5d1f-11c9-91a4-08002b14a0fa, xrefs: 10002351, 100023C6
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 0000000A.00000002.4143678897.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143750862.000000001002D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_10000000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: _malloc$Heap$AllocateErrorFreeLast___sbh_find_block___sbh_free_block__locksend
                                      • String ID: 71710533-BEBA-4937-8319-B5DBEF9CCC36$8a885d04-1ceb-11c9-9fe8-08002b104860$e1af8308-5d1f-11c9-91a4-08002b14a0fa
                                      • API String ID: 2460757428-940264259
                                      • Opcode ID: 7d8f45697e78ba840e60a0b0d9500a8298e42e62d6465d2c4fc28f103fd5005a
                                      • Instruction ID: 1b264b112344a286b62f08fe979abe4cd66a8de88587c9658907f773bab837f3
                                      • Opcode Fuzzy Hash: 7d8f45697e78ba840e60a0b0d9500a8298e42e62d6465d2c4fc28f103fd5005a
                                      • Instruction Fuzzy Hash: 7D5106B56083805BF704DF388845BAFB7D9EFA4380F44452EF48597256EA71EA0883A7
                                      Function 100010C0 Relevance: 9.1, APIs: 6, Instructions: 59networkCOMMON
                                      Download Yara Rule
                                      APIs
                                      • socket.WS2_32 ref: 100010E2
                                      • inet_addr.WS2_32(?), ref: 100010F5
                                      • htons.WS2_32(000001BD), ref: 10001104
                                      • connect.WS2_32(00000000,00000001,00000010), ref: 10001117
                                      • setsockopt.WS2_32(00000000,0000FFFF,00001005,00000000,00000004), ref: 1000114F
                                      • setsockopt.WS2_32(00000000,0000FFFF,00001006,00000000,00000004), ref: 10001163
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 0000000A.00000002.4143678897.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143750862.000000001002D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_10000000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: setsockopt$connecthtonsinet_addrsocket
                                      • String ID:
                                      • API String ID: 634521338-0
                                      • Opcode ID: d3b95098eae85f92cc2476d2bb1e084d350538fbf2a38f146124337732d3d3eb
                                      • Instruction ID: ab90d36bf04ab1ab28792a5d4df5801b2f3dc8b99b634369fc7100644e842882
                                      • Opcode Fuzzy Hash: d3b95098eae85f92cc2476d2bb1e084d350538fbf2a38f146124337732d3d3eb
                                      • Instruction Fuzzy Hash: 89118271604311ABF600EF64CC4AFABB3A4EF99B50F40451EF250DB1D4EBB0990487D2
                                      Function 10008F65 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      • __CreateFrameInfo.LIBCMT ref: 10008F8D
                                        • Part of subcall function 10004CCF: __getptd.LIBCMT ref: 10004CDD
                                        • Part of subcall function 10004CCF: __getptd.LIBCMT ref: 10004CEB
                                      • __getptd.LIBCMT ref: 10008F97
                                        • Part of subcall function 10007CDD: __getptd_noexit.LIBCMT ref: 10007CE0
                                        • Part of subcall function 10007CDD: __amsg_exit.LIBCMT ref: 10007CED
                                      • __getptd.LIBCMT ref: 10008FA5
                                      • __getptd.LIBCMT ref: 10008FB3
                                      • __getptd.LIBCMT ref: 10008FBE
                                      • _CallCatchBlock2.LIBCMT ref: 10008FE4
                                        • Part of subcall function 10004D74: __CallSettingFrame@12.LIBCMT ref: 10004DC0
                                        • Part of subcall function 1000908B: __getptd.LIBCMT ref: 1000909A
                                        • Part of subcall function 1000908B: __getptd.LIBCMT ref: 100090A8
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 0000000A.00000002.4143678897.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143750862.000000001002D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_10000000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                      • String ID:
                                      • API String ID: 1602911419-0
                                      • Opcode ID: 19366457f99eb2ba43ca3174e5077224196aaae41fcdb5ab2905588aface0ea8
                                      • Instruction ID: 6d1943aa09054af6d3efea09979b7d6c6cd0ea7393e0e7a84452e89f10ae19de
                                      • Opcode Fuzzy Hash: 19366457f99eb2ba43ca3174e5077224196aaae41fcdb5ab2905588aface0ea8
                                      • Instruction Fuzzy Hash: 951119B5D00209DFEF10DFA4C845AEE7BB1FF08350F10806AF818A7255DB38AA119F50
                                      Function 100024E0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 70COMMON
                                      Download Yara Rule
                                      APIs
                                        • Part of subcall function 100010C0: socket.WS2_32 ref: 100010E2
                                        • Part of subcall function 100010C0: inet_addr.WS2_32(?), ref: 100010F5
                                        • Part of subcall function 100010C0: htons.WS2_32(000001BD), ref: 10001104
                                        • Part of subcall function 100010C0: connect.WS2_32(00000000,00000001,00000010), ref: 10001117
                                      • _memset.LIBCMT ref: 10002532
                                        • Part of subcall function 100012A0: _sprintf.LIBCMT ref: 100012E2
                                      • _printf.LIBCMT ref: 1000259C
                                      • closesocket.WS2_32(00000000), ref: 100025A6
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 0000000A.00000002.4143678897.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143750862.000000001002D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_10000000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: _memset_printf_sprintfclosesocketconnecthtonsinet_addrsocket
                                      • String ID: %s$@
                                      • API String ID: 2892013958-1009417723
                                      • Opcode ID: 05d5b3fe2b97e3e3bbc0ae5e31354cb5376aa4e690a165740468e6de7c4511cd
                                      • Instruction ID: d4af0a1e68df37c053bb49c4e0b2bba6255989cedd96f643f4383941705f3779
                                      • Opcode Fuzzy Hash: 05d5b3fe2b97e3e3bbc0ae5e31354cb5376aa4e690a165740468e6de7c4511cd
                                      • Instruction Fuzzy Hash: C211E2B99002516EF214DB549C62FFB77ECDFDA7C1F84000EB98492186DEB46C0486B3
                                      Function 10008CB4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22COMMON
                                      Download Yara Rule
                                      APIs
                                      • __getptd.LIBCMT ref: 10008CCE
                                        • Part of subcall function 10007CDD: __getptd_noexit.LIBCMT ref: 10007CE0
                                        • Part of subcall function 10007CDD: __amsg_exit.LIBCMT ref: 10007CED
                                      • __getptd.LIBCMT ref: 10008CDF
                                      • __getptd.LIBCMT ref: 10008CED
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 0000000A.00000002.4143678897.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143750862.000000001002D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_10000000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: __getptd$__amsg_exit__getptd_noexit
                                      • String ID: MOC$csm
                                      • API String ID: 803148776-1389381023
                                      • Opcode ID: ce0845d09b459957a6131062b91d2626aaf8542dd5e476fb99f5610ff2b4b54b
                                      • Instruction ID: 7809ab124c588d1158f3cb55494da3994a5d9686434fad794acb1d46434c16bf
                                      • Opcode Fuzzy Hash: ce0845d09b459957a6131062b91d2626aaf8542dd5e476fb99f5610ff2b4b54b
                                      • Instruction Fuzzy Hash: 26E01A35A102048FF710DA64C046F5837E5FB45294F1A04B6A84D87227EB38ED809752
                                      Function 00405B6B Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      • __getptd.LIBCMT ref: 00405B77
                                        • Part of subcall function 00404D0A: __getptd_noexit.LIBCMT ref: 00404D0D
                                        • Part of subcall function 00404D0A: __amsg_exit.LIBCMT ref: 00404D1A
                                      • __amsg_exit.LIBCMT ref: 00405B97
                                      • __lock.LIBCMT ref: 00405BA7
                                      • InterlockedDecrement.KERNEL32(?), ref: 00405BC4
                                      • InterlockedIncrement.KERNEL32(008F15B8), ref: 00405BEF
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4141096184.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 0000000A.00000002.4141070938.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.0000000000409000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.000000000040C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.000000000043C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141197300.000000000043D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141215396.000000000043E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_400000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                      • String ID:
                                      • API String ID: 4271482742-0
                                      • Opcode ID: 5d560d5e219a44ebe9575ff2ac032521f62673b64380f380069cb4ef5b654b61
                                      • Instruction ID: 4c81c9d17ccd454affcda5f3cacb665ea388d5e4f540c941b66f788eaca92c42
                                      • Opcode Fuzzy Hash: 5d560d5e219a44ebe9575ff2ac032521f62673b64380f380069cb4ef5b654b61
                                      • Instruction Fuzzy Hash: 4C018B31A01A219BDB21AF269806B5B7B70EF04720F11003BE804B76D1D73CB982DF9E
                                      Function 10009BD2 Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      • __getptd.LIBCMT ref: 10009BDE
                                        • Part of subcall function 10007CDD: __getptd_noexit.LIBCMT ref: 10007CE0
                                        • Part of subcall function 10007CDD: __amsg_exit.LIBCMT ref: 10007CED
                                      • __amsg_exit.LIBCMT ref: 10009BFE
                                      • __lock.LIBCMT ref: 10009C0E
                                      • InterlockedDecrement.KERNEL32(?), ref: 10009C2B
                                      • InterlockedIncrement.KERNEL32(010215B0), ref: 10009C56
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 0000000A.00000002.4143678897.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143750862.000000001002D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_10000000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                      • String ID:
                                      • API String ID: 4271482742-0
                                      • Opcode ID: b915ef19fc6a9f41bbe35c694cdedad18e2c2be3ee345302b021820979a56828
                                      • Instruction ID: 56dbaf77e5e653750c3cd1570e9a0eb410f20252ce2cb0aabad9b1a03835aedb
                                      • Opcode Fuzzy Hash: b915ef19fc6a9f41bbe35c694cdedad18e2c2be3ee345302b021820979a56828
                                      • Instruction Fuzzy Hash: 4801C035E00B21DBFB15DB648845B9DB3E0FB047E1F210109E815A7699CB347981CBD5
                                      Function 10003D5B Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      • __lock.LIBCMT ref: 10003D79
                                        • Part of subcall function 10006688: __mtinitlocknum.LIBCMT ref: 1000669E
                                        • Part of subcall function 10006688: __amsg_exit.LIBCMT ref: 100066AA
                                        • Part of subcall function 10006688: RtlEnterCriticalSection.NTDLL(?), ref: 100066B2
                                      • ___sbh_find_block.LIBCMT ref: 10003D84
                                      • ___sbh_free_block.LIBCMT ref: 10003D93
                                      • HeapFree.KERNEL32(00000000,?,10011280,0000000C,10006669,00000000,10011360,0000000C,100066A3,?,?,?,1000C102,00000004,100116D0,0000000C), ref: 10003DC3
                                      • GetLastError.KERNEL32(?,1000C102,00000004,100116D0,0000000C,1000807C,?,?,00000000,00000000,00000000,?,10007C8F,00000001,00000214), ref: 10003DD4
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 0000000A.00000002.4143678897.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143750862.000000001002D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_10000000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                      • String ID:
                                      • API String ID: 2714421763-0
                                      • Opcode ID: a9a395c8c64a107b5fc1c2160f3f281149e6e6503692b2d94fd83d603c7333e0
                                      • Instruction ID: 0fdef51ea46211b2d51c7f9bff59d1d218ba4b39f8528bb6811944a6984ed9a1
                                      • Opcode Fuzzy Hash: a9a395c8c64a107b5fc1c2160f3f281149e6e6503692b2d94fd83d603c7333e0
                                      • Instruction Fuzzy Hash: C5018B35C01315EAFB11EF70AC0A79F7BA9EF047D1F31811AF5459B089CB35A5458654
                                      Function 10002AE0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 72COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 0000000A.00000002.4143678897.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143750862.000000001002D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_10000000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: _sprintf
                                      • String ID: %s.0.0$%s.255.255.255
                                      • API String ID: 1467051239-1053531112
                                      • Opcode ID: 4f2ac01ae8be9c4431755ba7d6c936ae993ec5da5ec11a115016891261e06e42
                                      • Instruction ID: a519e05f2fe54f7add88102434084c9316df7528b642c8c9220708b95a929b21
                                      • Opcode Fuzzy Hash: 4f2ac01ae8be9c4431755ba7d6c936ae993ec5da5ec11a115016891261e06e42
                                      • Instruction Fuzzy Hash: EE218EB69083019FE340CF28D881A2BFBE4EBDD394F01492EF489D7205E33199858B93
                                      Function 10002BB0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 65COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 0000000A.00000002.4143678897.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143750862.000000001002D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_10000000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: _sprintf
                                      • String ID: %s.0.0$%s.255.255
                                      • API String ID: 1467051239-1567914622
                                      • Opcode ID: c018d199947458774f7ce6909992630254bf6f0e3653987aaa2f1e6ca8ed30d9
                                      • Instruction ID: 041d2dc49f0b6771e44957195327b058b30ad1a4d2cc1533408bab12129d8427
                                      • Opcode Fuzzy Hash: c018d199947458774f7ce6909992630254bf6f0e3653987aaa2f1e6ca8ed30d9
                                      • Instruction Fuzzy Hash: 3B1163B6A083409FE344DF29D881A6FB7E8FBDD254F41492EF58AD7105E730A548CB92
                                      Function 1000D2F3 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1000D327
                                      • __isleadbyte_l.LIBCMT ref: 1000D35B
                                      • MultiByteToWideChar.KERNEL32(?,00000009,00000000,?,?,00000000,?,?,?,00000000,00000000,?,00000000), ref: 1000D38C
                                      • MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000001,?,00000000,?,?,?,00000000,00000000,?,00000000), ref: 1000D3FA
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 0000000A.00000002.4143678897.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143750862.000000001002D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_10000000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                      • String ID:
                                      • API String ID: 3058430110-0
                                      • Opcode ID: 5a47aeb3ec1418e5aae054357b6cfee90229b4a90af095f4c232afe9eb4ff0ee
                                      • Instruction ID: 9cadf880092d749cd6c24657f12800e5706c3f1949b301bbcc580d3d2adc48e4
                                      • Opcode Fuzzy Hash: 5a47aeb3ec1418e5aae054357b6cfee90229b4a90af095f4c232afe9eb4ff0ee
                                      • Instruction Fuzzy Hash: E031B235A14256EFEB10EF64C894AAE7BE5EF022D0F11856AE4649B099D330DE40DB72
                                      Function 10003B40 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 102stringCOMMON
                                      Download Yara Rule
                                      APIs
                                        • Part of subcall function 10003890: InternetOpenA.WININET ref: 100038F6
                                      • lstrlen.KERNEL32(Address:,00000000,Address:,?,00000000), ref: 10003B9B
                                      • lstrlen.KERNEL32(00000000,00000000), ref: 10003BCB
                                        • Part of subcall function 10003D5B: __lock.LIBCMT ref: 10003D79
                                        • Part of subcall function 10003D5B: ___sbh_find_block.LIBCMT ref: 10003D84
                                        • Part of subcall function 10003D5B: ___sbh_free_block.LIBCMT ref: 10003D93
                                        • Part of subcall function 10003D5B: HeapFree.KERNEL32(00000000,?,10011280,0000000C,10006669,00000000,10011360,0000000C,100066A3,?,?,?,1000C102,00000004,100116D0,0000000C), ref: 10003DC3
                                        • Part of subcall function 10003D5B: GetLastError.KERNEL32(?,1000C102,00000004,100116D0,0000000C,1000807C,?,?,00000000,00000000,00000000,?,10007C8F,00000001,00000214), ref: 10003DD4
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 0000000A.00000002.4143678897.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143750862.000000001002D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_10000000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: lstrlen$ErrorFreeHeapInternetLastOpen___sbh_find_block___sbh_free_block__lock
                                      • String ID: Address:$http://ddns.oray.com/checkip
                                      • API String ID: 2038665243-222288032
                                      • Opcode ID: c94f2c0336589478cef8ae3a7beeca418366219fc1af6587b963cb0fa16e63f9
                                      • Instruction ID: b3eeba61140a080fe8e78d16e387a2ae3afa7c0b2c26dc89ca9f2848b0f18f38
                                      • Opcode Fuzzy Hash: c94f2c0336589478cef8ae3a7beeca418366219fc1af6587b963cb0fa16e63f9
                                      • Instruction Fuzzy Hash: EA21F672A053515BF202D628AC61FBFB7CCEF851D4F08C52AFA4087209DB21ED09C3A2
                                      Function 10003780 Relevance: 6.1, APIs: 4, Instructions: 100COMMON
                                      Download Yara Rule
                                      APIs
                                      • MultiByteToWideChar.KERNEL32 ref: 100037DD
                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 1000380F
                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 10003824
                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 10003847
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 0000000A.00000002.4143678897.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143750862.000000001002D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_10000000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: ByteCharMultiWide
                                      • String ID:
                                      • API String ID: 626452242-0
                                      • Opcode ID: da92fafbb9ba83b0f0886caa2b06039511dc03d38100daf76f2d04a94b275ac6
                                      • Instruction ID: 5b544edf82f3b4c3dd79cdfd94dbab36414e52d3f04fc1d8dd2057ffd936ece6
                                      • Opcode Fuzzy Hash: da92fafbb9ba83b0f0886caa2b06039511dc03d38100daf76f2d04a94b275ac6
                                      • Instruction Fuzzy Hash: F231E5B5644340BFE310CF258C46F27BBECE749B60F10462EFA25D62C5DA71B5088675
                                      Function 004013C0 Relevance: 6.1, APIs: 4, Instructions: 53memoryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • FreeLibrary.KERNEL32 ref: 0040140F
                                      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00401434
                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 0040143D
                                      • HeapFree.KERNEL32(00000000), ref: 00401444
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4141096184.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 0000000A.00000002.4141070938.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.0000000000409000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.000000000040C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.000000000043C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141197300.000000000043D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141215396.000000000043E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_400000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: Free$Heap$LibraryProcessVirtual
                                      • String ID:
                                      • API String ID: 548792435-0
                                      • Opcode ID: a54b5111ae4721cc738e9c418911ec0a2c1c12ca1a5b7648992d340e476ddf7f
                                      • Instruction ID: 44b6dcb9f8fa0d770172e878e483460487ee9956fb5d21b62aa35cac5de5b57c
                                      • Opcode Fuzzy Hash: a54b5111ae4721cc738e9c418911ec0a2c1c12ca1a5b7648992d340e476ddf7f
                                      • Instruction Fuzzy Hash: 7C115A71640711ABD2308F65CC84B57B3E8BB88711F14892AE59AA72F1C778F881CB58
                                      Function 004062D7 Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      • __getptd.LIBCMT ref: 004062E3
                                        • Part of subcall function 00404D0A: __getptd_noexit.LIBCMT ref: 00404D0D
                                        • Part of subcall function 00404D0A: __amsg_exit.LIBCMT ref: 00404D1A
                                      • __getptd.LIBCMT ref: 004062FA
                                      • __amsg_exit.LIBCMT ref: 00406308
                                      • __lock.LIBCMT ref: 00406318
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4141096184.0000000000401000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 0000000A.00000002.4141070938.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.0000000000409000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.000000000040C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141096184.000000000043C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141197300.000000000043D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                      • Associated: 0000000A.00000002.4141215396.000000000043E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_400000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                      • String ID:
                                      • API String ID: 3521780317-0
                                      • Opcode ID: 524faea45244a268c062c5184f2be0e94cf2fd0199a80f3924abc133d0648528
                                      • Instruction ID: f4e1f9b372ad46e3e63869bb60c71836a386fc819cd7756a748b17d8f7b0d52d
                                      • Opcode Fuzzy Hash: 524faea45244a268c062c5184f2be0e94cf2fd0199a80f3924abc133d0648528
                                      • Instruction Fuzzy Hash: D9F06231A00700CAE621BFA6A50775973A46F40725F12417FE8017B2D1CB7C99518A9A
                                      Function 1000A33E Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                      • __getptd.LIBCMT ref: 1000A34A
                                        • Part of subcall function 10007CDD: __getptd_noexit.LIBCMT ref: 10007CE0
                                        • Part of subcall function 10007CDD: __amsg_exit.LIBCMT ref: 10007CED
                                      • __getptd.LIBCMT ref: 1000A361
                                      • __amsg_exit.LIBCMT ref: 1000A36F
                                      • __lock.LIBCMT ref: 1000A37F
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 0000000A.00000002.4143678897.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143750862.000000001002D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_10000000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                      • String ID:
                                      • API String ID: 3521780317-0
                                      • Opcode ID: 4884e0b45204d1cfb58c31165a06c012d45a0b18908b0aa078a58503ff58d253
                                      • Instruction ID: 3b4ab1aef9f716a3281e031d6d028c1aabcf37f9b90a6b423d083108cdc385d8
                                      • Opcode Fuzzy Hash: 4884e0b45204d1cfb58c31165a06c012d45a0b18908b0aa078a58503ff58d253
                                      • Instruction Fuzzy Hash: 62F03035E407149BF761DB748402B8D73A0FF057E1F614319F4969B2DADB38BA818A52
                                      Function 100012A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 81COMMON
                                      Download Yara Rule
                                      APIs
                                      • _sprintf.LIBCMT ref: 100012E2
                                        • Part of subcall function 100010A0: recv.WS2_32(74D75E50,00000000,?,00000000), ref: 100010B1
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 0000000A.00000002.4143678897.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143750862.000000001002D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_10000000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: _sprintfrecv
                                      • String ID: ???$\\%s\IPC$
                                      • API String ID: 2425787784-2720798200
                                      • Opcode ID: 91ab3bcc641255235107154f623fcbffeb4870ceb257c60141859b45d50a3968
                                      • Instruction ID: 8626a2ac0646a49ed062067d8ff73052644c3eb87cdfbe324cca27f62a988a16
                                      • Opcode Fuzzy Hash: 91ab3bcc641255235107154f623fcbffeb4870ceb257c60141859b45d50a3968
                                      • Instruction Fuzzy Hash: E721E4751043859FE321CB28C891BEBB7D9EBC8380F44C82DF689C7255EA74A909C756
                                      Function 1000908B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
                                      Download Yara Rule
                                      APIs
                                        • Part of subcall function 10004D22: __getptd.LIBCMT ref: 10004D28
                                        • Part of subcall function 10004D22: __getptd.LIBCMT ref: 10004D38
                                      • __getptd.LIBCMT ref: 1000909A
                                        • Part of subcall function 10007CDD: __getptd_noexit.LIBCMT ref: 10007CE0
                                        • Part of subcall function 10007CDD: __amsg_exit.LIBCMT ref: 10007CED
                                      • __getptd.LIBCMT ref: 100090A8
                                      Strings
                                      Memory Dump Source
                                      • Source File: 0000000A.00000002.4143694144.0000000010001000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                      • Associated: 0000000A.00000002.4143678897.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.0000000010013000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143694144.000000001002B000.00000040.00001000.00020000.00000000.sdmpDownload File
                                      • Associated: 0000000A.00000002.4143750862.000000001002D000.00000004.00001000.00020000.00000000.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_10_2_10000000_HelpSystem.jbxd
                                      Similarity
                                      • API ID: __getptd$__amsg_exit__getptd_noexit
                                      • String ID: csm
                                      • API String ID: 803148776-1018135373
                                      • Opcode ID: 1e63982ee4927c94cf36002735b621a62016c2f8b061fef16a69a95215cd6f65
                                      • Instruction ID: 1915a74a9d082d973d19f17d6b88a180184f81430aa84b0b331a2a433b51b776
                                      • Opcode Fuzzy Hash: 1e63982ee4927c94cf36002735b621a62016c2f8b061fef16a69a95215cd6f65
                                      • Instruction Fuzzy Hash: 94014638A012068EFB24CF60C844B9DB3F5FF48291F21442EE4829A299DF76AD80CF41

                                      Execution Graph

                                      Execution Coverage:51.6%
                                      Dynamic/Decrypted Code Coverage:0%
                                      Signature Coverage:0%
                                      Total number of Nodes:6
                                      Total number of Limit Nodes:1

                                      Callgraph

                                      • Executed
                                      • Not Executed
                                      • Opacity -> Relevance
                                      • Disassembly available
                                      callgraph 0 Function_004014F0 1 Function_00812B00 0->1

                                      Non-executed Functions

                                      Function 00812B00 Relevance: 7.6, APIs: 5, Instructions: 56timethreadCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      APIs
                                      • GetSystemTimeAsFileTime.KERNEL32 ref: 00812B45
                                      • GetCurrentProcessId.KERNEL32 ref: 00812B50
                                      • GetCurrentThreadId.KERNEL32 ref: 00812B59
                                      • GetTickCount.KERNEL32 ref: 00812B61
                                      • QueryPerformanceCounter.KERNEL32 ref: 00812B6E
                                      Memory Dump Source
                                      • Source File: 0000000C.00000002.4141120724.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 0000000C.00000002.4141100654.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                      • Associated: 0000000C.00000002.4141810196.00000000009DA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                      • Associated: 0000000C.00000002.4141828793.00000000009DB000.00000008.00000001.01000000.00000009.sdmpDownload File
                                      • Associated: 0000000C.00000002.4141851861.00000000009DF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                      • Associated: 0000000C.00000002.4141872839.00000000009EA000.00000002.00000001.01000000.00000009.sdmpDownload File
                                      • Associated: 0000000C.00000002.4142185836.0000000000BAD000.00000004.00000001.01000000.00000009.sdmpDownload File
                                      • Associated: 0000000C.00000002.4142185836.0000000000BBF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                      • Associated: 0000000C.00000002.4142185836.0000000000C44000.00000004.00000001.01000000.00000009.sdmpDownload File
                                      • Associated: 0000000C.00000002.4142277512.0000000000C48000.00000008.00000001.01000000.00000009.sdmpDownload File
                                      • Associated: 0000000C.00000002.4142277512.0000000000C4D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_12_2_400000_Network64.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                      • String ID:
                                      • API String ID: 1445889803-0
                                      • Opcode ID: 2e0eb8e543fe4f6079a450de9d971f31e3d4bc826408ef24634c57837d35a535
                                      • Instruction ID: ac116df8242bf511535ce9b7dacce59cab9ddd66f02cbb52400d8b8dee669a59
                                      • Opcode Fuzzy Hash: 2e0eb8e543fe4f6079a450de9d971f31e3d4bc826408ef24634c57837d35a535
                                      • Instruction Fuzzy Hash: DA119E66729B5482FB208B21F8147597364BB48BB0F081B309E9D837B8DB3CC886C700